
heimdall's Introduction

Heimdall


Heimdall is a simple library, written in Go, for signing and verifying messages.


Definition of Heimdall

  • In Norse mythology, Heimdall guarded the Bifrost, which the Vikings believed rainbows came from.

  • Heimdall also appears in the Marvel cinematic universe.

    Heimdall is the all-seeing and all-hearing Asgardian and former guard of the Bifrost Bridge.

Getting Started with Heimdall

Installation

go get -u github.com/DE-labtory/heimdall

Usage

1. Load crypto configuration (maybe from configuration file)

// This sample uses the default configuration, which is equivalent to calling heimdall.NewDefaultConfig()
myConfig, err := heimdall.NewConfig(
    192,                        // security level
    heimdall.TestKeyDir,        // key directory path
    heimdall.TestCertDir,       // certificate directory path
    "AES-CTR",                  // encryption algorithm and operation mode name
    "ECDSA",                    // signing algorithm name
    "scrypt",                   // key derivation function name
    heimdall.DefaultScrpytParams, // key derivation function parameters
)

2. Generate key pair

// Generate key pair
privateKey, err := heimdall.GenerateKey(myConfig.CurveOpt)

// public key can be obtained like below
publicKey := &privateKey.PublicKey

3. Minimize key size (bytes <--> key)

The key bytes from these functions have a component for recovering the key.

// private key to bytes(from bytes)
bytePri := heimdall.PriKeyToBytes(privateKey)
recPri, err := heimdall.BytesToPriKey(bytePri, myConfig.CurveOpt)

// public key to bytes(from bytes)
bytePub := heimdall.PubKeyToBytes(publicKey)
recPub, err := heimdall.BytesToPubKey(bytePub, myConfig.CurveOpt)

4. Key ID

Keys can be identified by the key ID below, which carries the prefix "IT" for it-chain.
The key IDs derived from a private key and from its public key are equal, so we use the public key.

// key ID from public key directly
keyId := heimdall.PubKeyToKeyID(publicKey)

// key ID from SKI(Subject Key Identifier) used in certificate
ski := heimdall.SKIFromPubKey(publicKey)
keyId = heimdall.SKIToKeyID(ski)

// SKI from key ID
recSki := heimdall.SKIFromKeyID(keyId)

5. Store and load key by keystore

// make new keystore
ks, err := heimdall.NewKeyStore(myConfig.KeyDirPath, myConfig.Kdf, myConfig.KdfParams, myConfig.EncAlgo, myConfig.EncKeyLength)

// storing private key with password for encryption of private key
err = ks.StoreKey(privateKey, "password")

// load private key by key ID and password
loadedPri, err := ks.LoadKey(keyId, "password")

6. Store and load certificate by certstore

Assume that 'cert' is an X.509 certificate for 'publicKey', which can be identified by 'keyId'.

// make certstore
certstore, err := heimdall.NewCertStore(myConfig.CertDirPath)

// store certificate as .crt file named as its key ID
err = certstore.StoreCert(cert)

// load certificate by key ID
cert, err = certstore.LoadCert(keyId)

7. Verify certificate

// verify certificate chain (check if the chain of trust is right in local)
err = certstore.VerifyCertChain(cert)

// verify certificate (check if expired or revoked)
timeValid, notRevoked, err := heimdall.VerifyCert(cert)

8. Make signature for data and verify the signature

sampleData := []byte("This is sample data for signing and verifying.")

// signing (making signature)
signature, err := heimdall.Sign(privateKey, sampleData, nil, myConfig.HashOpt)

/* --------- After data transmitted --------- */
/* --------- In receiver node --------- */
// pub and clientCert are the sender's public key and certificate as held by the receiver
// verify signature with public key
ok, err := heimdall.Verify(pub, signature, sampleData, nil, myConfig.HashOpt)
// verify signature with certificate
ok, err = heimdall.VerifyWithCert(clientCert, signature, sampleData, nil, myConfig.HashOpt)

Features

Signature algorithms

Currently, we support the following signature algorithms, with options that provide a wide range of key lengths.

  • ECDSA ( 224 / 256 / 384 / 512 )

Hash functions

You can hash data using the SHA algorithm in several variants.

  • SHA ( 224 / 256 / 384 / 512 )

Default key storage path

If you pass an empty path such as "" for your keystore, your private key is stored in the location below.

(Current Directory)/.heimdall/.key

License

Heimdall source code files are made available under the Apache License, Version 2.0 (Apache-2.0), located in the LICENSE file.


heimdall's Issues

Add a feature to clear keys from memory

Reference: [Keeping a key in memory for a long time is dangerous!] https://stackoverflow.com/questions/7046997/arent-private-keys-vulnerable-in-memory

func zeroBytes(bytes []byte) {
	for i := range bytes {
		bytes[i] = 0
	}
}

This is how Ethereum implemented it.

With just this much in place, I think it would be enough to set a timer at the service level when a key is used and run this function, or something like that!

Personally, I think it would be good to implement the Key interface as three, Key, PRIKEY and PUBKEY, like this:

type key interface {

}

type priKey interface{
	key
}

type pubKey interface{
	key
}

Operations such as getting the pubkey from a prikey cannot be handled through the same Key interface, so I think implementing a common interface and separate individual interfaces is the better approach.

Write the InitHeimdall function

InitHeimdall(?)
A function that takes the signing key length, the elliptic curve to use, the key derivation algorithm, the length of the key to derive and so on (read from the configuration file) and sets the initial parameters.

Configuration file -> to be added to engine - config...

Security Level - security level (see table)

security_level

KDF (Key Derivation Function) - name of the key derivation algorithm (the key length can be inferred from the security level) ex) pbkdf2, scrypt, bcrypt...
Signing Algorithm - a formality, but state the signing algorithm ECDSA explicitly
Encryption Algorithm - (block) encryption algorithm - mode of operation ex) aes-ctr
Certificate Format - certificate format ex) pem, der ..
Certificate Path - certificate storage path
Private Key Path - private key storage path

(more being added)
...If anything else comes to mind that needs to be added to the configuration, please leave a comment!

Investigate the allowed ranges of the scrypt and pbkdf2 key derivation parameters and implement IsValid for each

For scrypt, the n, r, p values
For pbkdf2, the iteration value

Because the derived key is used to encrypt the private key, it needs more security than deriving a key used for login.

Remove the SHA1 hash option

SHA1 was broken in early 2017, so it is recommended not to use it.
It is not yet an amount of computation an individual could break it with.. but the fact that this has become possible in practice, not just in theory, is genuinely quite dangerous, so I think it is better not to use it. :)

references

  1. https://shattered.io/
  2. http://blog.plura.io/?p=6619

remove if statement for empty intermediate pool for verifying cert chain

An intermediate CA certificate is not a certificate that must be present in the chain, so if an if statement enforces it and raises an error, a legitimate certificate received directly from the root CA produces an error.

ex) currently..
rootCA -> IntermediateCA -> client (OK)
rootCA -> client (error) -> this should be OK too!!

Therefore the if statement that raises an error when the length of the intermediate cert pool is 0 during cert chain verification must be removed!!

A file(?) that organizes error messages, constants, etc. dictionary-style

While editing the code.. I thought it would be best to post this as an issue while it was on my mind, so here it is!

How about not typing elements such as error messages and constants directly in the code, and instead storing and managing them as variables in a specific dictionary or definition file?

I am not sure how it would be written in Go code, but for example..
PI = 3.14
ERR_NO_OPT = "There is no input option"
How about setting things up like this??

Add certificate verification feature

  1. Use a CRL (Certificate Revocation List) to check whether the certificate has been revoked
  2. Check the creation time and expiry time in the certificate to confirm invalid or expired

Remove keyUtil

The cert implementation is complete, so it is unnecessary -> remove

Key ToByte() function

The byte form currently in use,
taking ecdsa as an example, is
private key -> the D value
public key -> the value obtained by marshaling the curve and the X, Y coordinate values
For a public chain this does not matter because certificates are not used, but,,
to use certificates there is a standard form that has to be followed.. so, as before, I think we need to follow a standard format such as DER or PEM.
Looking at the code, the standard formats in effect just extract the values as in the example above and wrap them according to the standard.. so I expect little difference in performance.

key store path

Right now it ends up as ./keyRepository, but wouldn't something like ./heimdall be cooler? What does everyone think?

Logic for recovering a key from PEM

I think there should be separate logic for recovering a key from PEM.

When PEM is received as []byte, there is no file, only the []byte. The key has to be recovered in that case, so it would be good to have a function that takes a type and a []byte and returns the corresponding Key. That is what lets peers exchange keys with each other. Please help!!

[fix] Add true to the return value after checking whether a certificate is revoked

issue: when checking whether a certificate is revoked, only the revoked case is checked, and false is returned as if it were revoked even when it is not

=> after checking for revocation, change it to return true when the certificate is not a revoked one

Support X.509 format certificates

For proof of identity during communication between nodes, send the rootCA, intermediateCA and one's own certificate

  • Afterwards, encrypted communication after a session key exchange using the public key
  1. Certificate contents
    See https://golang.org/pkg/crypto/x509/#Certificate

  2. Implement certificate store/load functions

  3. Certificate formats: support pem and der (implement format conversion functions)

  4. Integrate with keystore, or implement inside keystore

  5. (undecided)

Information on the implementation-detail documentation or comments I mentioned offline.

In Python, which I mainly used, the convention was to write comments like the one below.
In IntelliJ-based PyCharm, when you generate a comment, things like :param are created automatically from the function prototype.
The good thing about standard-style comments like that is that they are convenient when doing automatic documentation with a tool (sphinx, in Python's case).
And even without going as far as a tool, they are easy on the eyes when reading the code later :)

import numpy as np

def load_data(p_user_id: str, target_dir: str, only_user_data: bool = False,
              fix_user_sample: int = None, fix_imposter_sample: int = None
              ) -> [np.ndarray, np.ndarray] or np.ndarray:
    """
    load legitimate user's data and imposters' data from csv files
    :param p_user_id: legitimate user's id(initial)
    :param target_dir: target directory for finding requested user data
    :param only_user_data: if true, return user data only. if false, return user and imposter data
    :param fix_user_sample: fix the number of legitimate user sample to return
    :param fix_imposter_sample: fix the number of imposter sample to return
    :return: legitimate user data and imposter data
    """

But looking at the Go convention, it seems to be a little different. The golang development GitHub docs had an example like the one below, and the link has further explanation. (link: https://github.com/golang/go/wiki/Comments)
There is also a documentation automation tool called godoc. (https://godoc.org/)
A Korean-language explanation of comments can be seen, in part, at (https://golang.kr/doc/effective_go/commentary.html).

// Package superman implements methods for saving the world.
//
// Experience has shown that a small number of procedures can prove
// helpful when attempting to save the world.
package superman

// enterOrbit causes Superman to fly into low Earth orbit, a position
// that presents several possibilities for planet salvation.
func enterOrbit() os.Error {
...
}

Following the coding convention point by point can probably wait until later, but I brought this up because I think the rules(?) for comments and documentation should be defined in advance!

So the comments I write will probably be in the Go style :)

A question about ToPEM.

For each Key, with ToPEM(),

in the RSA case
--rsa.go--

func (key *RsaPrivateKey) ToPEM() ([]byte, error) {
	keyData := x509.MarshalPKCS1PrivateKey(key.priv)

	return pem.EncodeToMemory(
		&pem.Block{
			Type:  "RSA PRIVATE KEY",
			Bytes: keyData,
		},
	), nil
}

you implemented it like this,

but the same functionality is also implemented in the key utils.
--KeyUtils.go--
func PublicKeyToPEM(pub Key) ([]byte, error)
func PrivateKeyToPEM(pri Key) ([]byte, error)

Is there a particular reason you created the same functionality like this??

remove key seems to be needed in memory as well!

Right now remove key only deletes the key file,,

For a private key it seems safest to load it into memory only when it is needed, so wouldn't we explicitly need a feature(?) that wipes the private key from memory in some form?

For example, set a time limit of a few minutes and have the keyManager reset all keys once that time has passed after a sign.. The safest would be 1 sign 1 load.. but that seems like it might add load.. :(
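The timer idea from this issue and from the zeroBytes issue above, as an added example (not heimdall's code): a loaded ECDSA key is wiped in place when its time limit expires, after which signing is refused until the key is loaded again. TimedKey, load and the one-minute limit are hypothetical names and values, and the key is a throwaway P-256 key constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"sync"
	"time"
)

type TimedKey struct { // a loaded private key, held only until its time limit expires
	mu  sync.Mutex
	key *ecdsa.PrivateKey
}

// Sign signs digest; once the key has been wiped the caller must load it again.
func (t *TimedKey) Sign(digest []byte) ([]byte, error) {
	t.mu.Lock()
	defer t.mu.Unlock()
	if t.key == nil {
		return nil, fmt.Errorf("key wiped: load it from the keystore again")
	}
	return ecdsa.SignASN1(rand.Reader, t.key, digest)
}

// Wipe zeroes the words backing D in place (best effort: earlier copies remain).
func (t *TimedKey) Wipe() {
	t.mu.Lock()
	defer t.mu.Unlock()
	if t.key != nil {
		for words, i := t.key.D.Bits(), 0; i < len(words); i++ {
			words[i] = 0
		}
		t.key = nil
	}
}

// load stands in for a keystore load: a throwaway P-256 key, wiped after ttl.
func load(ttl time.Duration) (*TimedKey, *ecdsa.PrivateKey) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &TimedKey{key: k}
	time.AfterFunc(ttl, t.Wipe) // the timer fires in its own goroutine
	return t, k
}

func main() {
	tk, _ := load(time.Minute)
	tk.Wipe()
	_, err := tk.Sign(make([]byte, 32))
	fmt.Println("sign after wipe:", err)
}
```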

SKI(Subject Key Identifier)

According to RFC 7093, which came out following RFC 5280
and covers Key ID generation,

the recommendation for the Key ID is to use the leftmost 160 bits of the result of a SHA (256, 384, 512) operation over the public key in bit string form.

The bit string form appears to be the value obtained by marshalling the public key's curve and X, Y coordinates.

Currently we just use the SHA256 of the bit string.

It works without problems, but to guard against any possible mishap.. since the SKI also goes inside the certificate, I think it is better to follow the RFC, which is close to a standard, in order to use certificates.
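The truncation this issue describes, as an added example (not heimdall's code): the key identifier is the leftmost 160 bits of SHA-256, SHA-384 or SHA-512 over the marshalled EC point, and deriving it from the private key gives the same value because the point is recomputed from D. SKI and Demo are hypothetical names and the P-256 key is constructed for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers SHA-256
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"encoding/hex"
	"fmt"
)

// SKI returns the leftmost 160 bits of h over the subjectPublicKey BIT STRING
// contents, which for an EC key is the uncompressed point 0x04 || X || Y.
func SKI(pub *ecdsa.PublicKey, h crypto.Hash) ([]byte, error) {
	switch h {
	case crypto.SHA256, crypto.SHA384, crypto.SHA512: // RFC 7093 methods 1, 2, 3
	default:
		return nil, fmt.Errorf("hash %v is not an RFC 7093 choice", h)
	}
	d := h.New()
	d.Write(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
	return d.Sum(nil)[:20], nil
}

// Demo derives the SKI of a throwaway P-256 key (constructed input) from both
// halves of the pair and reports its hex form, whether the two derivations
// agree, and whether SHA-1 is refused.
func Demo() (id string, same bool, sha1Refused bool) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	fromPub, _ := SKI(&priv.PublicKey, crypto.SHA256)
	// A private key has no identifier of its own: recompute the public point
	// from D and hash that, so both halves share one key ID.
	x, y := priv.Curve.ScalarBaseMult(priv.D.Bytes())
	fromPriv, _ := SKI(&ecdsa.PublicKey{Curve: priv.Curve, X: x, Y: y}, crypto.SHA256)
	_, err = SKI(&priv.PublicKey, crypto.SHA1)
	return hex.EncodeToString(fromPub), bytes.Equal(fromPub, fromPriv), err != nil
}

func main() { fmt.Println(Demo()) }
```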

Edit readme

Update the usage to ecdsa to match the current version
Remove RSA

Problems that need thought.

  1. To unify the types of the options, an interface was set up and implementations were created, but.. this needs thought

  2. Because of key.ID() alone, certstore went into the hecdsa package.. a problem to think over

  3. To separate the key and auth functionality into packages..

  1. give the key a get function so that the pri or pub key can be used when it is directly needed, or
  2. make it start with a capital letter so that the wrapped key can be accessed directly..
    (if applied, the former looks better)
    Needs thought

Another issue came up while working on what was proposed in Issue #35.

Whoa. For item 1, after looking further, hyperledger also uses the SKI as the file name..! Haha;

Please just look at item 2!!

Also, I have an additional SKI-related question for @yojkim!
Contrary to what I had thought, looking at the hyperledger source I confirmed that even the private key's SKI function ultimately extracts the public key in byte form and computes the public key's SKI.
In our source ecdsa looks fine, but for rsa, constants (N:123, E:57) are used when extracting the public key; are these numbers that have some meaning?

2. If the numbers have no special meaning, I intend to change it to use the N and E embedded in the private key!

Implement config detail

Currently only Simple and Default are implemented, so
implement a feature that allows detailed configuration

A question about the NewAuth function in authImpl.go!

signers := make(map[reflect.Type]signer)
signers[reflect.TypeOf(&key.RSAPrivateKey{})] = &RSASigner{}
signers[reflect.TypeOf(&key.ECDSAPrivateKey{})] = &ECDSASigner{}

While debugging, the code above inside the NewAuth function caught my attention.
Is the intent to store a different kind of signer depending on the type..
or did you intend to initialize the signers of both types in advance..
I'm curious!

20180328_125013

The reason is that, as in the image above, when debugging with the RSA sample you made, even after passing the code above only the RSA Signer appears to be initialized in the signers variable.
