ic_auth_verifier 0.8.3

A Rust library used for integrating with IC-Auth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

# `ic_auth_verifier`
![License](https://img.shields.io/crates/l/ic_auth_verifier.svg)
[![Crates.io](https://img.shields.io/crates/d/ic_auth_verifier.svg)](https://crates.io/crates/ic_auth_verifier)
[![Test](https://github.com/ldclabs/ic-auth/actions/workflows/test.yml/badge.svg)](https://github.com/ldclabs/ic-auth/actions/workflows/test.yml)
[![Docs.rs](https://img.shields.io/docsrs/ic_auth_verifier?label=docs.rs)](https://docs.rs/ic_auth_verifier)
[![Latest Version](https://img.shields.io/crates/v/ic_auth_verifier.svg)](https://crates.io/crates/ic_auth_verifier)

[IC-Auth](https://github.com/ldclabs/ic-auth) is a web authentication system based on the Internet Computer.

`ic_auth_verifier` is a Rust library for signing and verifying cryptographic signatures in the IC-Auth ecosystem.

## Features

- Verify signatures using multiple cryptographic algorithms:
  - Ed25519
  - ECDSA with secp256k1 curve
  - ECDSA with P-256 curve (secp256r1)
  - Internet Computer Canister Signatures
- Parse and validate DER-encoded public keys
- Compute various hash functions (SHA-256, SHA3-256, Keccak-256)
- Optional envelope functionality (enabled with the `envelope` feature)
- A thread-safe wrapper around an Identity implementation that can be atomically updated (enabled with the `identity` feature)

## Installation

Add this to your `Cargo.toml`:

```toml
[dependencies]
ic_auth_verifier = "0.8"
```

To enable the `envelope` feature:

```toml
[dependencies]
ic_auth_verifier = { version = "0.8", features = ["envelope"] }
```

To enable the `identity` feature (It can not be compiled in canister):
```toml
[dependencies]
ic_auth_verifier = { version = "0.8", features = ["identity"] }
```

## Usage

### Envelope Signing

Requires the `identity` feature.

```rust
use ic_auth_verifier::SignedEnvelope;

let identity = /* your ICP Identity */;

let message = b"message";
let envelope = SignedEnvelope::sign_message(&identity, message)?;
// Adds the SignedEnvelope to the Authorization header to be sent to the service which will verify the signature.
envelope.to_authorization(&mut headers)?;
// Or adds the SignedEnvelope components to the IC-Auth-* HTTP headers.
// envelope.to_headers(&mut headers)?;
```

### Envelope Verification

Requires the `envelope` feature.

```rust
use ic_auth_verifier::SignedEnvelope;
use std::time::{SystemTime, UNIX_EPOCH};

let envelope = SignedEnvelope::from_authorization(&headers).unwrap();
// Verify the envelope
let now_ms = SystemTime::now()
  .duration_since(UNIX_EPOCH)
  .unwrap()
  .as_millis() as u64;
envelope.verify(now_ms, None, None)?;
```

## License
Copyright © 2024-2025 [LDC Labs](https://github.com/ldclabs).

`ldclabs/ic-auth` is licensed under the MIT License. See [LICENSE](../../LICENSE) for the full license text.