Expand description

A rust re-implementation of the Python library itsdangerous.

Essentially, this crate provides various helpers to pass data to untrusted environments and get it back safe and sound. Data is cryptographically signed to ensure that it has not been tampered with.


  • Signer, a signer that signs/unsigns arbitrary values.
  • TimestampSigner, a signer that signs/unsigns arbitrary values attaching a signed timestamp so you know when the value was signed.

Basic Example

use std::time::Duration;
use itsdangerous::{default_builder, Signer};

// Create a signer using the default builder, and an arbitrary secret key.
let signer = default_builder("secret key").build();

// Sign an arbitrary string, and send it somewhere dangerous.
let signed = signer.sign("hello world!");

// Unsign the string and validate that it hasn't been tampered with.
let unsigned = signer.unsign(&signed).expect("Signature was not valid");
assert_eq!(unsigned, "hello world!");



Error that occurs when trying to construct a Separator with a char is in the base64 url-safe alphabet.

The MultiSerializer provides the ability to sign values with a given serializer, but also try a series of fallback serializers. This is useful if you are rotating keys, and want to sign things using a new key, but allow an old serializer to unsign values.

A separator character that can be used in crate::SignerBuilder::with_separator.

Represents a value + timestamp that has been successfully unsigned by TimedSerializer::unsign.

Represents a value + timestamp that has been successfully unsigned by TimestampSigner::unsign.

An UnverifiedValue is just that. A deserialized value that has not been verified against against a signer. This is useful if you want to deserialize something without verifying the signature, because you might need data in the unsigned value in order to look up the signing key in a database somewhere.


Errors that can occur while unsigning a “signed value”.

Errors that can occur while unsigning a “signed value” using the timed signer.


Returns a referenec to the underlying Signer.

A signer can sign and unsign bytes, validating the signature provided.

A TimestampSigner wraps an inner Signer, giving it the ability to dish out signatures with timestamps.


Constructs a default signer builder, using the sha1 digest, hmac, and the django concat key derivation.