sign a SHA-256 hash with DSA in Go

Question

I want to sign a SHA-256 hash with DSA.

Using Java I can write:

 Signature sig = Signature.getInstance("SHA256withDSA");
 sig.initSign(priKey);
 sig.update(new byte[]{1});
 byte[] sign = sig.sign();
 System.out.println(HexUtil.encodeHexStr(sign));

Using the Go language, I couldn't find any way to resolve it

Answer 1

The only instance of checking a DSAWithSHA256 signature in go is in github.com/avast/apkverifier

    case x509.DSAWithSHA256:
        hash := sha256.Sum256(signed)
        pub := cert.PublicKey.(*dsa.PublicKey)
        reqLen := pub.Q.BitLen() / 8
        if reqLen > len(hash) {
            return fmt.Errorf("Digest algorithm is too short for given DSA parameters.")
        }
        digest := hash[:reqLen]

        dsaSig := new(dsaSignature)
        if rest, err := asn1.Unmarshal(signature, dsaSig); err != nil {
            return err
        } else if len(rest) != 0 {
            return errors.New("x509: trailing data after DSA signature")
        }
        if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 {
            return errors.New("x509: DSA signature contained zero or negative values")
        }
        if !dsa.Verify(pub, digest, dsaSig.R, dsaSig.S) {
            return errors.New("x509: DSA verification failure")
        }

But actually using the signature algorithm is indeed unsupported, for reason illustrated in github.com/grantae/certinfo

Issues:

1. Unfortunately, OpenSSL uses non-deterministic signing for DSA and ECDSA certificate requests, so running make-certs.sh will not reproduce the same CSRs despite having static keys.
   These files have to be kept in-sync manually.

2. The x509 package does not currently set CertificateRequest.SignatureAlgorithm for DSA CSRs.
   Therefore the 'leaf2.csr.text' contains the line 'Signature Algorithm: 0' instead of 'Signature Algorithm: DSAWithSHA256' to allow the test to pass and indicate that the problem is with x509 and not this package.

Hence its unsupported status in Go crypto/x509 package.