Sign implements token signing for the SigningMethod. For this signing method, key must be an ed25519.PrivateKey
(signingString string, key any)
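// Sign implements token signing for the SigningMethod.
//
// key must be a crypto.Signer whose Public() method returns an
// ed25519.PublicKey. An ed25519.PrivateKey satisfies this; the code does not
// require that concrete type, so any other signer exposing an Ed25519 public
// key is accepted as well.
//
// It returns the raw signature bytes over signingString. It returns an error
// built by newError from ErrInvalidKeyType when key is not a crypto.Signer,
// ErrInvalidKey when the signer's public key is not Ed25519 or when a raw
// ed25519.PrivateKey has the wrong length, and otherwise whatever error the
// signer itself reports.
func (m *SigningMethodEd25519) Sign(signingString string, key any) ([]byte, error) {
	signer, ok := key.(crypto.Signer)
	if !ok {
		return nil, newError("Ed25519 sign expects crypto.Signer", ErrInvalidKeyType)
	}

	// A raw ed25519.PrivateKey whose length is not PrivateKeySize makes
	// Public() or Sign() in crypto/ed25519 panic. Reject it as an invalid key
	// so that a truncated or malformed key yields an error instead of
	// crashing the caller.
	if priv, isRaw := key.(ed25519.PrivateKey); isRaw && len(priv) != ed25519.PrivateKeySize {
		return nil, ErrInvalidKey
	}

	// Checking the public key type keeps a signer for a different algorithm
	// from producing a signature under this method.
	if _, isEd25519 := signer.Public().(ed25519.PublicKey); !isEd25519 {
		return nil, ErrInvalidKey
	}

	// Ed25519 hashes the message itself as part of the algorithm, so the
	// message is passed un-prehashed; crypto.Hash(0) tells the signer that no
	// prior hashing took place. ed25519.PrivateKey ignores the rand argument,
	// but other crypto.Signer implementations may use it.
	sig, err := signer.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
	if err != nil {
		return nil, err
	}

	return sig, nil
}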