kamu-snap-crypto
Framework-agnostic cryptography for Bank Indonesia SNAP BI integrations.
What this crate is
The cryptographic spine shared by every PT IMMER SNAP BI consumer (client and server). Exposes:
| Item | Purpose |
|---|---|
HmacSigner |
HMAC-SHA512 sign/verify, constant-time verify, &self (no Mutex) |
RsaSigner<S> / RsaVerifier<S> |
PKCS#8-only RSA, generic over a sealed SignatureScheme |
Pkcs1v15Sha256 / Pkcs1v15Sha512 / PssSha256 / PssSha512 |
Built-in schemes |
Signature + Encoding |
Encoding-agnostic raw signature bytes |
snap_bi (feature snap-bi, default on) |
Canonical SNAP BI recipes |
webhook (feature webhook, default on) |
Provider-extensible webhook verifier |
30-second quickstart
use HmacSigner;
let signer = new?;
let sig = signer.sign;
println!;
signer.verify?; // constant-time
# Ok::
For a full SNAP BI service-call signing flow including stringToSign,
timestamp, and headers, see examples/sign_snap_bi_request.rs.
SNAP BI recipes (feature snap-bi)
use Method;
use ;
let method = POST;
let timestamp = now_jakarta_seconds;
let parts = ServiceStringToSign ;
let sig = sign_service?;
// sig is encoding-agnostic — pick base64 or hex at call site
println!;
# Ok::
Webhook verification (feature webhook)
use HeaderMap;
use ;
let verifier = InacashCashoutVerifier ;
let headers: HeaderMap = todo!;
let body: & = todo!;
verifier.verify?;
# Ok::
Security guarantees
#![forbid(unsafe_code)]. Nounsafeblock anywhere in this crate.- Constant-time verification: HMAC uses
hmac::Mac::verify_slice; RSA usesrsa::signature::Verifier::verify. Both are constant-time per upstream guarantees. - PKCS#8 enforcement: PKCS#1 PEMs are rejected by upstream parsers. Convert with
openssl pkcs8 -topk8 -nocrypt -in pkcs1.pem -out pkcs8.pem. - No HTTP framework coupling: leaf crate.
wasm32-unknown-unknowncompiles require the consumer to enablegetrandom/js(pulled in viarsa).
Encodings
Signature is encoding-agnostic. Pick at the call site:
# use ;
# let signer = new.unwrap;
let sig = signer.sign;
sig.to_base64;
sig.to_hex_lower;
sig.to_base64_url_nopad;
sig.encode;
Decoders mirror via Signature::from_base64, from_hex, from_base64_url_nopad, and the Signature::decode(s, enc) dispatcher.
Feature flags
| Feature | Default | Purpose |
|---|---|---|
snap-bi |
on | stringToSign builders, SHA helpers, Jakarta timestamp formatters, header builders |
webhook |
on | WebhookVerifier trait + Inacash + BRI VA built-ins |
Disable with default-features = false for pure-HMAC / pure-RSA usage (e.g. WASM).
Framework adapters
Inbound-verify glue per framework lives in adjacent crates:
kamu-snap-crypto-actix— actix-webverify_requesthelperkamu-snap-crypto-axum— axum/httpverify_requesthelper
Migration from v1.x
| v1.x | v2.0 |
|---|---|
SymmetricCrypto::create(s) |
HmacSigner::new(s) |
signer.sign(p) (&mut self, returns String) |
signer.sign(p) (&self, returns Signature) |
AsymmetricCryptoSigner |
RsaSigner (default = RsaSigner<Pkcs1v15Sha256>) |
signer.sign_as_base64(p) |
signer.sign(p).to_base64() |
AsymmetricCryptoVerifier::verify_base64(s, p) |
verifier.verify(&Signature::from_base64(s)?, p) |
| (no helpers) | snap_bi::sign_service, sha256_lower_hex, etc. |
From<CryptoError> for ResponseError moved to kamu-snap-response behind its crypto feature.
License
Dual-licensed under either MIT or Apache-2.0 at
your option (MIT OR Apache-2.0). Previously MIT-only in pt-immer/lib-snap.