
Add v3.public support #1

Merged
merged 6 commits into from
May 14, 2022

Conversation

aidantwoods
Copy link
Owner

No description provided.

@aidantwoods
Copy link
Owner Author

No Go language support for RFC 6979 (as suggested by the PASETO spec). However, the Go crypto library does address CSPRNG failures:

https://pkg.go.dev/crypto/ecdsa#pkg-overview

Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in FIPS 186-4 and SEC 1, Version 2.0.

Signatures generated by this package are not deterministic, but entropy is mixed with the private key and the message, achieving the same level of security in case of randomness source failure.

This should be sufficient to meet the spec recommendations, but open to feedback on how to improve this. My preference is to defer to the Go crypto library where possible here, rather than writing a custom implementation of RFC 6979.

@paragonie-security
Copy link

Signatures generated by this package are not deterministic, but entropy is mixed with the private key and the message, achieving the same level of security in case of randomness source failure.

That's sufficient. From step 4 in the Version 3 spec (emphasis added):

  4. Sign m2 using ECDSA over P-384 and SHA-384 with the private key sk.
    We'll call this sig. The output of sig MUST be in the format r || s
    (where || means concatenate), for a total length of 96 bytes.
    • Signatures SHOULD use deterministic nonces (RFC 6979)
      if possible, to mitigate the risk of k-value reuse.
    • If RFC 6979 is not available in your programming language, ECDSA MUST use a CSPRNG
      to generate the k-value.
    • Hedged signatures (RFC 6979 + additional randomness to provide resilience to fault attacks)
      are allowed.
    sig = crypto_sign_ecdsa_p384(
        message = m2,
        private_key = sk
    );
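As an added illustration (not code from this PR or from the library it belongs to), the following shows how a Go signer can produce the 96-byte `r || s` output the quoted step requires while deferring nonce generation to `crypto/ecdsa`, as the comment above proposes. The key and message are constructed sample values; a real v3.public signer would pass the PAE-encoded `m2` instead of the literal.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
	"math/big"
)

// signRaw hashes msg with SHA-384, signs it with ECDSA over P-384 and returns
// r || s with each integer left-padded to 48 bytes (96 bytes total).
func signRaw(sk *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	if sk.Curve != elliptic.P384() {
		return nil, errors.New("v3.public requires a P-384 private key")
	}
	digest := sha512.Sum384(msg)
	// crypto/ecdsa mixes CSPRNG output with the private key and digest when
	// deriving k, so a weak randomness source does not directly leak the key.
	r, s, err := ecdsa.Sign(rand.Reader, sk, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 96)
	r.FillBytes(sig[:48]) // r and s are < n (384 bits), so they always fit
	s.FillBytes(sig[48:])
	return sig, nil
}

// verifyRaw parses a 96-byte r || s signature and checks it against msg.
func verifyRaw(pk *ecdsa.PublicKey, msg, sig []byte) bool {
	if pk.Curve != elliptic.P384() || len(sig) != 96 {
		return false
	}
	digest := sha512.Sum384(msg)
	r := new(big.Int).SetBytes(sig[:48])
	s := new(big.Int).SetBytes(sig[48:])
	return ecdsa.Verify(pk, digest[:], r, s)
}

func main() {
	sk, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // constructed sample key
	msg := []byte("v3.public.sample-pre-auth-encoded-message")  // constructed stand-in for m2
	sig, _ := signRaw(sk, msg)
	fmt.Printf("signature length=%d verifies=%v\n", len(sig), verifyRaw(&sk.PublicKey, msg, sig))
}
```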

@aidantwoods
Copy link
Owner Author

Really appreciate you taking a look. Thanks for confirming! 😃
