从自述文件:
ECDSA签名方法(ES256,ES384,ES512)期望 ecdsa.PrivateKey进行签名,而 ecdsa.PublicKey进行验证
因此,使用椭圆曲线键:
package mainimport ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "log" jwt "github.com/dgrijalva/jwt-go")func main() { key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatal(err) } claims := &jwt.StandardClaims{ ExpiresAt: 15000, Issuer: "test", } token := jwt.NewWithClaims(jwt.SigningMethodES256, claims) tokenString, err := token.SignedString(key) if err != nil { log.Fatal(err) } log.Println(tokenString)}要存储生成的密钥以供以后与jwt.ParseECPrivateKeyFromPEM和jwt.ParseECPublicKeyFromPEM一起使用:
import ( "crypto/ecdsa" "crypto/x509" "encoding/pem")func pemKeyPair(key *ecdsa.PrivateKey) (privKeyPEM []byte, pubKeyPEM []byte, err error) { der, err := x509.MarshalECPrivateKey(key) if err != nil { return nil, nil, err } privKeyPEM = pem.EnpreToMemory(&pem.Block{ Type: "EC PRIVATE KEY", Bytes: der, }) der, err = x509.MarshalPKIXPublicKey(key.Public()) if err != nil { return nil, nil, err } pubKeyPEM = pem.EnpreToMemory(&pem.Block{ Type: "EC PUBLIC KEY", Bytes: der, }) return}
