Signing and decoding with RSA-SHA in GO

I'm trying to sign a string and later on verifying it with the public key. My verified result is empty. What am I doing wrong?

    package main

import (

func main() {
    signer, err := loadPrivateKey("private.pem");
    if err != nil {
        fmt.Errorf("signer is damaged: %v", err)

    toSign := "date: Thu, 05 Jan 2012 21:31:40 GMT";

    signed, err := signer.Sign([]byte(toSign))
    if err != nil {
        fmt.Errorf("could not sign request: %v", err)
    sig := base64.StdEncoding.EncodeToString(signed)
    fmt.Printf("Encoded: %v\n", sig)

    parser, perr := loadPublicKey("public.pem");
    if perr != nil {
        fmt.Errorf("could not sign request: %v", err)
    unsigned, err := parser.Unsign(signed);
     if err != nil {
        fmt.Errorf("could not sign request: %v", err)

    fmt.Printf("Decrypted: %v\n", base64.StdEncoding.EncodeToString(unsigned))    

// loadPrivateKey loads an parses a PEM encoded private key file.
func loadPublicKey(path string) (Unsigner, error) {
        data, err := ioutil.ReadFile(path)

        if err != nil {
                return nil, err
        return parsePublicKey(data)

// parsePublicKey parses a PEM encoded private key.
func parsePublicKey(pemBytes []byte) (Unsigner, error) {
        block, _ := pem.Decode(pemBytes)
        if block == nil {
                return nil, errors.New("ssh: no key found")

        var rawkey interface{}
        switch block.Type {
        case "PUBLIC KEY":
                rsa, err := x509.ParsePKIXPublicKey(block.Bytes)
                if err != nil {
                        return nil, err
                rawkey = rsa
                return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)

        return newUnsignerFromKey(rawkey)

// loadPrivateKey loads an parses a PEM encoded private key file.
func loadPrivateKey(path string) (Signer, error) {
        data, err := ioutil.ReadFile(path)
        if err != nil {
                return nil, err
        return parsePrivateKey(data)

// parsePublicKey parses a PEM encoded private key.
func parsePrivateKey(pemBytes []byte) (Signer, error) {
        block, _ := pem.Decode(pemBytes)
        if block == nil {
                return nil, errors.New("ssh: no key found")

        var rawkey interface{}
        switch block.Type {
        case "RSA PRIVATE KEY":
                rsa, err := x509.ParsePKCS1PrivateKey(block.Bytes)
                if err != nil {
                        return nil, err
                rawkey = rsa
                return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
        return newSignerFromKey(rawkey)

// A Signer is can create signatures that verify against a public key.
type Signer interface {
        // Sign returns raw signature for the given data. This method
        // will apply the hash specified for the keytype to the data.
        Sign(data []byte) ([]byte, error)

// A Signer is can create signatures that verify against a public key.
type Unsigner interface {
        // Sign returns raw signature for the given data. This method
        // will apply the hash specified for the keytype to the data.
        Unsign(data []byte) ([]byte, error)

func newSignerFromKey(k interface{}) (Signer, error) {
        var sshKey Signer
        switch t := k.(type) {
        case *rsa.PrivateKey:
                sshKey = &rsaPrivateKey{t}
                return nil, fmt.Errorf("ssh: unsupported key type %T", k)
        return sshKey, nil

func newUnsignerFromKey(k interface{}) (Unsigner, error) {
        var sshKey Unsigner
        switch t := k.(type) {
        case *rsa.PublicKey:
                sshKey = &rsaPublicKey{t}
                return nil, fmt.Errorf("ssh: unsupported key type %T", k)
        return sshKey, nil

type rsaPublicKey struct {

type rsaPrivateKey struct {

// Sign signs data with rsa-sha256
func (r *rsaPrivateKey) Sign(data []byte) ([]byte, error) {
        h := sha256.New()
        d := h.Sum(nil)
        return rsa.SignPKCS1v15(rand.Reader, r.PrivateKey, crypto.SHA256, d)

// Unsign encrypts data with rsa-sha256
func (r *rsaPublicKey) Unsign(message []byte) ([]byte, error) {  
        return rsa.EncryptPKCS1v15(rand.Reader, r.PublicKey, message)        

private.pem looks like this:


And public.pem:

-----END PUBLIC KEY-----


1 Answers

The problem in your code is that Unsign tries to Encode the signature instead of using it to verify the original message.

There need to be changes made to the Interface and to Unsign:

// Unsign verifies the message using a rsa-sha256 signature
func (r *rsaPublicKey) Unsign(message []byte, sig []byte) error {
    h := sha256.New()
    d := h.Sum(nil)
    return rsa.VerifyPKCS1v15(r.PublicKey, crypto.SHA256, d, sig)

Here is a playground example of verification: http://play.golang.org/p/bzpD7Pa9mr

Some modifications has also been made to avoid ioutils.

