An implementation of the HTTP Signatures RFC

HTTP Signatures

This crate is used to create and verify HTTP Signatures, defined here. It has support for Hyper, Rocket, and Reqwest types. In the future, I might also support Iron middleware for verification. documentation

Running the examples

Each example is hosted within it's own crate in the examples folder

The hyper examples are configured to talk to eachother by default. The server runs on port 3000, and the client POSTs on port 3000. They also use the Signature header to sign and verify the request.

The actix-web example also listens on port 3000, and can be tested with the hyper client.

The rocket 3 server and the rocket 4 server listen on port 8000, and the reqwest client can be used to interact with it. These examples use the Authorization header to sign and verify the request.


With Actix Web

Add this to your Cargo.toml

version = "0.5"
features = ["use_actix_web"]

Use it in your application like this.

const PHRASE: &str = "Hewwo, Mr. Obama???";

#[derive(Debug, Fail)]
#[fail(display = "Error verifying signature, {}", _0)]
pub struct Error(#[cause] http_signatures::Error);

impl ResponseError for Error {}

pub struct MyState {
    arc: Arc<Vec<u8>>,

fn index((req, state): (HttpRequest<MyState>, State<MyState>)) -> impl Responder {
    let verified = req.verify_signature_header(Input::from(&state.arc));

    verified.map_err(|e| Error(e.into())).map(|_| {
            .content_length(PHRASE.len() as u64)
            .body(format!("{}", PHRASE))

fn main() -> Result<(), Box<dyn Fail> {
    let mut key_file = File::open("../../tests/assets/public.der")?;
    let mut key_file_vec = Vec::new();
    key_file.read_to_end(&mut key_file_vec)?;
    let key_arc = Arc::new(key_file_vec);

    let state = MyState { arc: key_arc };

    server::new(move || App::with_state(state.clone()).resource("/", |r| r.with(index)))
        .expect("Can not bind to port 3000")


With Hyper

Add this to your Cargo.toml

version = "0.5"
features = ["use_hyper"]

Use it when building a request as follows.

let client = Client::new();

let json = r#"{"library":"hyper"}"#;
let mut req = Request::post("http://localhost:3000")
    HeaderValue::from_str(&format!("{}", json.len()))?,

let key_id = "some-username-or-something";
// Add the HTTP Signature
    CreationKey::rsa(private_key, ShaSize::SHA256),

let post = client.request(req).and_then(|res| {
    println!("POST: {}", res.status());


tokio::run(|_| ()).map_err(|_| ()));

This is a very basic example server outline that should give you a general idea of how to set up a Hyper server that verifies HTTP Signatures. This is not meant to be code that actually works.

const PHRASE: &str = "Hewwo, Mr. Obama???";

fn main() -> Result<(), Box<dyn Error> {
    let mut key_file = File::open("../../tests/assets/public.der")?;
    let mut key_file_vec = Vec::new();
    key_file.read_to_end(&mut key_file_vec)?;
    let key_arc = Arc::new(key_file_vec);

    let service = move || {
        let key = Arc::clone(&key_arc);

        service_fn(move |req: Request<Body>| {
            let verified = req.verify_signature_header(Input::from(&key));

                .map_err(|e| format!("{:?}", e))
                .and_then(|_| {
                    println!("Succesfully verified request!");
                        .header(CONTENT_LENGTH, PHRASE.len() as u64)
                        .map_err(|e| format!("{:?}", e))

    let addr = "".parse()?;
    let server = Server::bind(&addr)
        .map_err(|e| eprintln!("server error: {}", e));


With Reqwest

Add this to your Cargo.toml

version = "0.5"
default-features = false
features = ["use_reqwest"]

In your code, use it when building a request as follows.

let key_id = "some-username-or-something".into();

let client = Client::new();
let mut req = client.get("http://localhost:8000").build()?;

req.with_authorization_header(key_id, CreationKey::rsa(private_key, ShaSize::SHA512))?;

let res = client.execute(req)?;

With Rocket

Rocket 3

Add this to your Cargo.toml

version = "0.5"
default-features = false
features = ["use_rocket"]
Rocket 4

Add this to your Cargo.toml

version = "0.5"
default-features = false
features = ["use_rocket4"]

In your code, use it in a route like so

struct Verified;

impl<'a, 'r> FromRequest<'a, 'r> for Verified {
    type Error = ();

    fn from_request(request: &'a Request<'r>) -> Outcome<Verified, ()> {
        let res = request
            .and_then(|key| {
                    .map_err(|e| println!("Error: {:?}", e))?;


        match res {
            Ok(verified) => Success(verified),
            Err(fail) => Failure((Status::Forbidden, fail)),

fn index(_verified: Verified) -> &'static str {
    "Successfully verified request"

fn main() -> Result<(), Box<dyn Error> {
    let mut key_file = File::open("../../tests/assets/public.der")?;
    let mut key_vec = Vec::new();
    key_file.read_to_end(&mut key_vec)?;

        .mount("/", routes![index])



