crypto/rsa


RSA signing, OAEP encryption, PSS signatures. Use 2048+ bit keys; prefer Ed25519/ECDSA for new systems.

Generate a key

GenerateKey

key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil { log.Fatal(err) }

Signing and encryption

Sign with PSS (preferred over PKCS#1 v1.5)

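hash := sha256.Sum256(msg) // PSS signs the SHA-256 digest, not the raw message
sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, hash[:], nil)
if err != nil { log.Fatal(err) }
// VerifyPSS returns nil only for a valid signature; any error means reject.
err = rsa.VerifyPSS(&key.PublicKey, crypto.SHA256, hash[:], sig, nil)
if err != nil { log.Fatal(err) }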

Encrypt with OAEP

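ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, msg, nil)
if err != nil { log.Fatal(err) } // fails if msg is too long for the key size
pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ct, nil)
if err != nil { log.Fatal(err) } // fails on a corrupted ciphertext or a wrong key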
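
An added example (not from the original page or the Go project) showing two OAEP behaviours the snippet above leaves implicit: the plaintext size limit and label binding. The helper names maxOAEPLen, sealOAEP and openOAEP, the labels ctx-a and ctx-b, and the sample message are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// maxOAEPLen is the longest plaintext EncryptOAEP accepts for pub with SHA-256:
// modulus bytes - 2*hash bytes - 2 (190 bytes for a 2048-bit key).
func maxOAEPLen(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// sealOAEP encrypts msg and binds the ciphertext to label (hypothetical helper).
func sealOAEP(pub *rsa.PublicKey, msg, label []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, label)
}

// openOAEP decrypts ct; it fails unless label equals the one used to encrypt.
func openOAEP(key *rsa.PrivateKey, ct, label []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ct, label)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	pub := &key.PublicKey
	msg := []byte("constructed sample message") // sample input, not real data
	ct, err := sealOAEP(pub, msg, []byte("ctx-a"))
	if err != nil {
		log.Fatal(err)
	}
	pt, err := openOAEP(key, ct, []byte("ctx-a"))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("round trip: %q\n", pt)

	// Same ciphertext, different label: decryption must fail.
	_, err = openOAEP(key, ct, []byte("ctx-b"))
	fmt.Println("wrong label:", err)

	// One byte over the limit: encryption must fail.
	_, err = sealOAEP(pub, make([]byte, maxOAEPLen(pub)+1), nil)
	fmt.Println("oversize:", err)
}
```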