x/crypto/openpgp: Support signing of pre-computed hashes #28022
This is a perhaps unusual feature request: the autograph service provides an API that clients can use to request signatures. Most of the time, clients call `/sign/data` with a raw message to sign, and that works fine with openpgp. But in some cases, we want to just accept a pre-computed hash to reduce the bandwidth usage between a client and the autograph service.

Trying to implement this with the openpgp package seems rather challenging. From what I can tell, the `packet#Signature.Sign()` function takes an initialized hash, appends a suffix and finishes the computation of the digest, then signs. There's no obvious way to provide the function with a hash that's already computed. I'm also failing to think of a way to hack around this without touching the openpgp/packet package directly.

Would it be possible to implement a `SignHash` function in the `packet` package that takes a pre-computed hash? It might also be useful to export `buildHashSuffix` for clients to assemble the hash themselves.
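
An added illustration, not part of the original issue and not the openpgp package's code, of why a finished digest of the message alone does not fit this flow: for a v4 signature the signed digest covers the message followed by a suffix. The suffix layout follows RFC 4880 section 5.2.4; `hashSuffix` and `digestToSign` are hypothetical names, and the algorithms and timestamp are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hashSuffix (hypothetical helper) builds the bytes a v4 signature appends
// to the hashed message, per RFC 4880 section 5.2.4.
func hashSuffix(sigType, pubKeyAlgo, hashAlgo byte, created uint32) []byte {
	// Hashed subpacket area: a single signature-creation-time subpacket
	// (length 5, type 2, 4-byte big-endian timestamp).
	sub := []byte{5, 2, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(sub[2:], created)

	// Version, signature type, key algorithm, hash algorithm, subpacket length.
	s := []byte{4, sigType, pubKeyAlgo, hashAlgo, 0, 0}
	binary.BigEndian.PutUint16(s[4:], uint16(len(sub)))
	s = append(s, sub...)

	// Final trailer: version, 0xff, length of the signature data hashed above.
	t := []byte{4, 0xff, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(t[2:], uint32(len(s)))
	return append(s, t...)
}

// digestToSign (hypothetical helper) is the value a client would have to
// send: the hash over message || suffix, not the hash of the message alone.
func digestToSign(msg, suffix []byte) []byte {
	h := sha256.New()
	h.Write(msg)
	h.Write(suffix)
	return h.Sum(nil)
}

func main() {
	msg := []byte("constructed sample message")
	// Binary signature (0x00), RSA (1), SHA-256 (8), constructed timestamp.
	suffix := hashSuffix(0x00, 1, 8, 0x5bb6a000)
	plain := sha256.Sum256(msg)
	fmt.Printf("suffix:         %x\n", suffix)
	fmt.Printf("H(msg):         %x\n", plain)
	fmt.Printf("H(msg||suffix): %x\n", digestToSign(msg, suffix))
}
```

Because the suffix carries the signature's own metadata, the client and the signing service have to agree on those fields before the client can compute the digest locally.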