web-bot-auth
A pure Rust implementation of web-bot-auth as defined by draft-meunier-web-bot-auth-architecture.
Tables of Content
Features
- Plug-and-play HTTP message signature support: generate and verify signatures for any arbitrary HTTP message, independent of framework or library, by implementing the traits
UnsignedMessage/SignedMessage. - Out-of-the-box support for verifying and generating secure
web-bot-authsignatures specifically.
Usage
- Signing a message: See signing.rs to generate the contents of
SignatureandSignature-Inputheader for the tagweb-bot-auth. - Verifying a Web Bot Auth message: See verify.rs.
- Verifying an arbitrary message signature, not necessarily
web-bot-auth: See verify_arbitrary.rs.
Security Considerations
This software has not been audited. Please use at your sole discretion.
License
This project is under the Apache-2.0 license.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be Apache-2.0 licensed as above, without any additional terms or conditions.