I embarrassingly haven't sustained much understanding of golang ... I wanted to convert my box keys to signify-nacl keys but it seems the formats are different; my own signature doesn't verify when I just copy the bytes. Do you know if there is a way to use cargo from an offline system? This would help inspire me to understand golang better. On 10/12/20, Stefan Claas <sac@300baud.de> wrote:
Karl wrote:
Also attached to resolve pasting corruption. Document includes only through the ---- armor. As it says inside the document, signature is calculated with tail -n +4 | head -n -8 | sha512sum .
-----BEGIN NaCl SIGNED MESSAGE----- Hash: tail -n +4 | head -n -8 | sha512sum
Most interesting with what you came up with, because my MUA saves then your message as it should be. However, unfortunately the included hash does not match. :-(
BTW. are you aware that the NaCl crypto library has also a sign function?
It would then require a second key, same as with GnuPG, but maybe also worth to explore, because you are a programmer.
Here is a sample implementation in Golang, which unfortunately writes the signature as binary instead of (base64) ASCII.
https://github.com/UNO-SOFT/signify-nacl
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.