dcrypt_api::traits::signature

Trait Signature

Source 
pub trait Signature {
    type PublicKey: Clone;
    type SecretKey: Zeroize + Clone;
    type SignatureData: Clone;
    type KeyPair;

    // Required methods
    fn name() -> &'static str;
    fn keypair<R: CryptoRng + RngCore>(rng: &mut R) -> Result<Self::KeyPair>;
    fn public_key(keypair: &Self::KeyPair) -> Self::PublicKey;
    fn secret_key(keypair: &Self::KeyPair) -> Self::SecretKey;
    fn sign(
        message: &[u8],
        secret_key: &Self::SecretKey,
    ) -> Result<Self::SignatureData>;
    fn verify(
        message: &[u8],
        signature: &Self::SignatureData,
        public_key: &Self::PublicKey,
    ) -> Result<()>;
}
Expand description

Core trait for digital signature algorithms

This trait defines the minimal interface that all signature algorithms must implement. It intentionally does not require AsRef or AsMut implementations for secret keys to prevent accidental key corruption.

§Type Safety

Secret keys are opaque types that cannot be directly manipulated as bytes. This prevents common security vulnerabilities where keys are accidentally modified or exposed.

§Example Implementation

See the implementation modules for examples of how to implement this trait for specific algorithms like Ed25519, ECDSA, etc.

Required Associated Types§

Source

type PublicKey: Clone

Public key type for this algorithm

Source

type SecretKey: Zeroize + Clone

Secret key type - must be zeroizable but not byte-accessible

§Security Note

This type should not implement AsMut<[u8]> to prevent corruption of key material. Use explicit serialization methods if needed.

Source

type SignatureData: Clone

Signature data type

Source

type KeyPair

Key pair type (typically a tuple of public and secret keys)

Required Methods§

Source

fn name() -> &'static str

Returns the name of this signature algorithm

Source

fn keypair<R: CryptoRng + RngCore>(rng: &mut R) -> Result<Self::KeyPair>

Generate a new key pair using the provided RNG

§Security Requirements

Implementations must use the provided cryptographically secure RNG for all random number generation.

Source

fn public_key(keypair: &Self::KeyPair) -> Self::PublicKey

Extract the public key from a key pair

Source

fn secret_key(keypair: &Self::KeyPair) -> Self::SecretKey

Extract the secret key from a key pair

Source

fn sign( message: &[u8], secret_key: &Self::SecretKey, ) -> Result<Self::SignatureData>

Sign a message with the given secret key

§Security Requirements
  • Implementations should be deterministic when possible (e.g., Ed25519)
  • Must not leak information about the secret key through timing
Source

fn verify( message: &[u8], signature: &Self::SignatureData, public_key: &Self::PublicKey, ) -> Result<()>

Verify a signature against a message and public key

§Security Requirements
  • Must be constant-time with respect to the signature value
  • Should validate all inputs before processing

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§