This crate is a simple digital signature crate and can be used to verify data integrity by using public-key cryptography. It uses the “super-fast, super-secure” elliptic curve and digital signature algorithm Ed25519.
It provides the struct Certificate, which holds the public key, metadata and a signature.
§The basics
A Certificate can be signed by a master key or by another Certificate. The top-most Certificate must be signed with the master key, or it will not be valid. For validation, the master public key is supplied. This way, a Certificate can only be valid if it has been signed with a trust chain whose top-most Certificate has been signed with the right private key.
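
The chain rule above, sketched as an added example (not edcert's own code or API). Cert, signed_bytes, chain_is_valid and issue are hypothetical names, and the insecure toy_sign/toy_verify pair stands in for Ed25519 only so the block runs without dependencies.

```rust
// Added illustration of the trust-chain rule; NOT the edcert API, all names are
// hypothetical. `Verify` stands in for Ed25519 signature verification.
type Verify = fn(pk: &[u8], msg: &[u8], sig: &[u8]) -> bool;
struct Cert {
    public_key: Vec<u8>,
    meta: Vec<u8>,
    sig: Vec<u8>, // covers meta || public_key (assumed layout)
    signer: Option<Box<Cert>>, // None: signed directly with the master key
}
fn signed_bytes(c: &Cert) -> Vec<u8> {
    [c.meta.as_slice(), c.public_key.as_slice()].concat()
}

// Walk from `cert` to the top-most certificate: each link must verify under its
// signer's public key, and the top-most one must verify under `master_pk`.
fn chain_is_valid(cert: &Cert, master_pk: &[u8], verify: Verify) -> bool {
    let mut cur = cert;
    loop {
        let msg = signed_bytes(cur);
        match &cur.signer {
            None => return verify(master_pk, &msg, &cur.sig),
            Some(parent) if verify(&parent.public_key, &msg, &cur.sig) => cur = &**parent,
            Some(_) => return false,
        }
    }
}

// INSECURE stand-in so the example runs without dependencies: "public" and
// "private" key are the same bytes, and the signature is a 64-bit FNV-1a tag.
fn toy_sign(key: &[u8], msg: &[u8]) -> Vec<u8> {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in key.iter().chain(msg.iter()) {
        h = (h ^ *b as u64).wrapping_mul(0x100000001b3);
    }
    h.to_be_bytes().to_vec()
}
fn toy_verify(pk: &[u8], msg: &[u8], sig: &[u8]) -> bool { toy_sign(pk, msg).as_slice() == sig }

// Issue a certificate for `key`; `signing_key` is the master key when `signer` is None.
fn issue(key: &[u8], meta: &[u8], signing_key: &[u8], signer: Option<Cert>) -> Cert {
    let mut c = Cert { public_key: key.to_vec(), meta: meta.to_vec(), sig: vec![], signer: signer.map(Box::new) };
    c.sig = toy_sign(signing_key, &signed_bytes(&c));
    c
}

fn main() {
    let leaf = issue(b"leaf-key", b"leaf", b"root-key", Some(issue(b"root-key", b"root", b"master-A", None)));
    println!("{} {}", chain_is_valid(&leaf, b"master-A", toy_verify), chain_is_valid(&leaf, b"master-B", toy_verify));
}
```

A chain that is internally consistent but rooted in a different master key is rejected at the last step, which is why the validator needs the master public key as an input rather than trusting anything stored in the chain.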
§Other crates
To use the edcert ecosystem, there are a few other crates to make your life simpler:
- edcert-letter, which provides a container for signed data, Letter<T>.
- edcert-restrevoke, which provides a REST-based revocation system.
- edcert-compressor, which provides methods to (de)compress Certificates using JSON/LZMA and manages loading/saving certificates for you.
- edcert-tools, which provides a binary for generation, signing, validation, etc. using edcert (and all of the above).
Modules§
- This module contains the most important struct of this crate: the Certificate. It holds a public key, metadata and a signature. It can also optionally hold a private key and sign data.
- This module contains a wrapper around the libsodium implementation of ed25519. It reduces the size of signatures to 64 bytes.
- This module contains the trait Fingerprint. It provides a fingerprint() method, which is used in a cryptographic context to identify some value. For example, a Certificate implements Fingerprint and returns its public key on fingerprint(). On the other hand, secure containers (like Letter in edcert-letter) could return a hash of the contained value.
- This module contains the struct which holds the metadata of a Certificate.
- This module provides a revoker, which can be used to check if a certificate has been revoked.
- This module provides a validator, which analyzes the trust chain to validate a Certificate.
- This module contains the signature struct, a container for the Ed25519 signature and a reference to the signer.
- This module provides a validator, which analyzes the trust chain to validate a Certificate but instead of a single master signature, it uses a set of trusted certificates for validation.
- This module contains the Validator, which can be used to validate Certificates, as well as some traits used by the struct.
Functions§
- This is a simple copy function. This should be equivalent to memcpy.