Struct SignedPayload 

pub struct SignedPayload<T: Serialize + DeserializeOwned> { /* private fields */ }

A utility for working with digitally signed payloads.

SignedPayload allows encapsulating a payload of type T with a digital signature, which can be encoded and decoded for secure transport.

Type Parameters

• T: The payload type, which must implement Serialize and DeserializeOwned.
• H: The hashing algorithm, which must implement Digest (default is Sha3_384).

Examples

Creating a new SignedPayload:

let payload = SignedPayload::<String>::new("Hello, world!".to_string());

Implementations

impl<T: Serialize + DeserializeOwned> SignedPayload<T>

pub fn new(payload: T) -> Self

Creates a new SignedPayload with the provided payload.

Parameters

• payload: The data to be encapsulated in the SignedPayload.

pub fn encode_and_sign( &self, key: &(impl BwSigner + ?Sized), ) -> Result<Vec<u8>, BwError>

Encodes the payload and its signature into a byte vector.

The payload is serialized and signed using the provided cryptographic key. The signature and serialized payload are concatenated and returned as a Vec<u8>.

Parameters

• key: The cryptographic key used for signing.

Returns

A Result containing the encoded payload and signature, or a BwError if an error occurs.

Example

let key = EdDsaKey::generate().unwrap();
let payload = SignedPayload::<String>::new("Hello, world!".to_string());
let signed_payload = payload.encode_and_sign(&key).unwrap();

pub fn decode_and_verify( bytes: &[u8], key: &(impl BwVerifier + ?Sized), ) -> Result<Self, BwError>

Decodes a signed payload, verifying its signature in the process.

The method splits the input bytes into signature and payload, verifies the signature, and then deserializes the payload, returning a SignedPayload instance.

Parameters

• bytes: The signed payload and signature bytes.
• key: The cryptographic key used for verification.

Returns

A Result containing a SignedPayload instance or a BwError if decoding or verification fails.

Example

let key = EdDsaKey::generate().unwrap();
let payload = SignedPayload::<String>::new("Hello, world!".to_string());
let signed_bytes = payload.encode_and_sign(&key).unwrap();
let decoded_payload = SignedPayload::<String>::decode_and_verify(&signed_bytes, &key)
    .unwrap();
assert_eq!(*decoded_payload, *payload);

pub fn decode(bytes: &[u8]) -> Result<SignedPayloadUnverified<T>, BwError>

Decodes a byte slice into an unverified signed payload.

This function attempts to decode the given byte slice into a SignedPayloadUnverified struct, which contains the raw bytes, the deserialized payload, and a type marker for the digest algorithm used.

The decoding process ignores the signature, meaning that the payload is not verified during this step. It allows the caller to inspect the payload before deciding on further actions, such as verification with the appropriate key.

Arguments

• bytes - A slice of bytes representing the signed message to be decoded.

Returns

This function returns a Result which is:

• Ok(SignedPayloadUnverified<T, H>) when decoding is successful. The generic T represents the payload type, while H refers to the digest algorithm’s marker type.
• Err(BwError) when the byte slice does not meet the minimum length requirement or if the deserialization of the payload fails. BwError::InvalidTokenFormat is returned in such cases.

Errors

This function will return an error in the following situations:

• If the length of bytes is less than MIN_TOKEN_LENGTH, indicating that the byte slice is too short to contain a valid signed message.
• If the deserialization of the payload using bincode fails, which may indicate corruption or an invalid format.

Examples

let signed_bytes = signed_payload.encode_and_sign(&key).unwrap();
let decoded_unverified = SignedPayload::<String>::decode(&signed_bytes)?;

// You can now inspect the result without verifying the signature
assert_eq!(*decoded_unverified, *signed_payload);
// To verify the signature, further steps are needed involving the payload and a verification key
let decoded_verified = decoded_unverified.verify(&key)?;

Security

The returned SignedPayloadUnverified has not been checked for authenticity or integrity. It is crucial to not trust the contents until after a successful signature verification step.

pub fn encode_and_sign_salted( &self, salt: &[u8], key: &(impl BwSigner + ?Sized), ) -> Result<Vec<u8>, BwError>

pub fn decode_and_verify_salted( bytes: &[u8], salt: &[u8], key: &(impl BwVerifier + ?Sized), ) -> Result<Self, BwError>

pub fn into_payload(self) -> T

Trait Implementations

impl<T: Serialize + DeserializeOwned> AsRef<T> for SignedPayload<T>

fn as_ref(&self) -> &T

Converts this type into a shared reference of the (usually inferred) input type.

impl<T: Clone + Serialize + DeserializeOwned> Clone for SignedPayload<T>

fn clone(&self) -> SignedPayload<T>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Debug + Serialize + DeserializeOwned> Debug for SignedPayload<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<T: Serialize + DeserializeOwned> Deref for SignedPayload<T>

type Target = T

The resulting type after dereferencing.

fn deref(&self) -> &<Self as Deref>::Target

Dereferences the value.

impl<K: Serialize + DeserializeOwned + PartialEq> PartialEq for SignedPayload<K>

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.