libsignify-rs 0.4.0

OpenBSD-compatible file signing & verification library
Documentation

libsignify-rs - OpenBSD-compatible file signing & verification library

crates.io docs.rs docs license: ISC build status

A Rust library for cryptographically signing and verifying files using the Ed25519-based format defined by OpenBSD's signify utility.

Usage

This crate exports a Builder-based API for ergonomic use in Rust applications.

use std::fs;
use std::path::Path;

use libsignify_rs::{KeyGenerator, Signer, Verifier};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key_pub = Path::new("key.pub");
    let key_sec = Path::new("key.sec");
    let msg_file = Path::new("message.txt");
    let sig_file = Path::new("message.txt.sig");

    // Generate a new key pair.
    KeyGenerator::new()
        .comment("Heavy is the root of light. Still is the master of moving.")
        .generate(key_pub, key_sec)?;

    // Create a file to sign.
    fs::write(msg_file, "Change return success. Going and coming without error. Action brings good fortune.")?;

    // Sign the file
    Signer::new()
        .seckey(key_sec)
        .sign(msg_file, sig_file)?;

    // Verify the signature.
    Verifier::new()
        .pubkey(key_pub)
        .verify(msg_file, sig_file)?;

    Ok(())
}

Usage with keyrings(7)

The Signify struct provides a high-level configuration interface. On Linux/Android, it supports kernel keyrings(7) integration for secure passphrase management.

use std::path::PathBuf;
use libsignify_rs::signify::{Mode, Signify};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let key_pub = PathBuf::from("key.pub");
    let key_sec = PathBuf::from("key.sec");
    let msg_file = PathBuf::from("msg.txt");

    // 1. Generate Key Pair.
    let mut signify = Signify::default();
    signify.mode = Some(Mode::Generate);
    signify.pubkey = Some(key_pub.clone());
    signify.seckey = Some(key_sec.clone());
    signify.comment = Some("keyring-example".to_string());

    // On Linux/Android, setting key_id enables keyring integration.
    // The passphrase will be read from or stored in the kernel session keyring.
    signify.key_id = Some(1337);

    signify.execute()?;

    // 2. Sign a file.
    signify.mode = Some(Mode::Sign);
    signify.msg_file = Some(msg_file.clone());

    // Signature file path is automatically derived (msg.sig) if not set.
    signify.execute()?;

    // 3. Verify.
    signify.mode = Some(Mode::Verify);
    signify.quiet = true;
    signify.execute()?;

    Ok(())
}

Features

  • Strict Compatibility: Adheres strictly to the OpenBSD file format and verification logic.
  • Pure Rust: No unsafe code, no arithmetic side effects.
  • Keyring Support: On Linux/Android, integrates with kernel keyrings(7) for secure passphrase management.

ChangeLog

See ChangeLog.md

License

ISC. See COPYING.