pub fn build_proof(
mode: AshMode,
binding: &str,
context_id: &str,
nonce: Option<&str>,
canonical_payload: &str,
) -> Result<String, AshError>Expand description
Build a cryptographic proof for request integrity.
The proof is computed as:
proof = BASE64URL(SHA256(
"ASHv1\n" +
mode + "\n" +
binding + "\n" +
contextId + "\n" +
(nonce + "\n" if present) +
canonicalPayload
))§Arguments
mode- Security mode (minimal, balanced, strict)binding- Canonical binding (e.g., “POST /api/update”)context_id- Context ID from servernonce- Optional nonce for server-assisted modecanonical_payload- Canonicalized payload string
§Example
use ash_core::{build_proof, AshMode};
let proof = build_proof(
AshMode::Balanced,
"POST /api/profile",
"ctx_abc123",
None,
r#"{"name":"John"}"#,
).unwrap();
println!("Proof: {}", proof);