signStream abstract method
Sign data
with this RSASSA-PSS private key.
Returns a signature as a list of raw bytes. This uses the Hash
specified when the key was generated or imported. The length of the
salt is specified in bytes using saltLength
.
If the saltLength
is zero the signature is deterministic.
The saltLength
is typically zero or length of the Hash, for a
discussion of appropriate values for saltLength
see
RFC 3447 Section 9.1, Notes 4.
When running in Safari/WebKit on Mac the saltLength
is restricted to
0 <= saltLength <= hashLength
as the underlying cryptography libraries
follow FIPS 186-4, Section 5.5, Step (e).
Example
import 'dart:convert' show base64;
import 'dart:io' show File;
import 'package:webcrypto/webcrypto.dart';
import 'package:pem/pem.dart';
// Read prviate key data from PEM encoded block. This will remove the
// '----BEGIN...' padding, decode base64 and return encoded bytes.
List<int> keyData = PemCodec(PemLabel.privateKey).decode("""
-----BEGIN PRIVATE KEY-----
MIGEAgEAMBAGByqG...
-----END PRIVATE KEY-----
""");
// Import private key from binary PEM decoded data.
final privatKey = await RsaPssPrivateKey.importPkcs8Key(
keyData,
Hash.sha256,
);
// Use the same salt for signing and verifying.
// In this case we're using the length of the hash function, divided by 8
// to as saltLength must be specified in bytes.
const saltLength = 256 / 8;
// Create a signature for message read directly from file.
final signature = await privateKey.signStream(
File('message.txt').openRead(),
saltLength,
);
print('signature: ${base64.encode(signature)}');
Implementation
Future<Uint8List> signStream(Stream<List<int>> data, int saltLength);