Skip to main content

Crate librustysigs

Crate librustysigs 

Source
Expand description

§Rusty-Sigs (Library)

Author: [silene | 0x20CB | DionysianMyst | 0.25]

Date Published: July 2025

§Description

This library is used for the interface for rusty-sigs verification of identities and other security-related functionality.

§TODO

  • Serialization

    • [ ]

  • Basic Signature Implementation (ShulginSigning)

    • ED25519
    • SPHINCS+ (SHAKE256)
      • Generation
      • Signing
      • Verification
      • Add RNG
    • RustySignatures
      • SigningInfo (RNG + Digest)
    • Add Hash Derive

  • Hashing

    • SHA3 (SHA3-224)
    • BLAKE2s (8-byte)
    • BLAKE2B (48-byte)

  • Server To Store Keys

    • Decentralized
    • Nonce (PoW)

  • GitHub Attribute Tag

  • Security Audits

  • Zeroize

  • Error-Checking

  • Base58 ID

  • ShulginSigning

    • Includes Cryptographic Randomness In Signature (using 64 bytes argon2id and oscsprng)
    • Includes Public Key Checks Using SHA3-224

  • Code Auditing

    • No Unsafe Code
    • Dependecies
    • Cargo.toml
    • Cargo.lock
    • .gitignore
    • LICENSE
    • README

  • Work On Exporting The Certs in PKCS #7 or PEM

§Code Example

use librustysigs::prelude::*;
 
fn main() {
    // Certificates
    let full_certificate = UserCertificateFull::generate();
    let cert = full_certificate.publiccert();
 
    // Signature
    let signature = full_certificate.sign("This message is being signed by ED25519 and SPHINCS+ by librustysigs.", "silene");
 
    // Verify
    let is_valid_sig = RustySignaturesUsage::verify(cert, signature);
 
    // Asserts the signature is valid
    assert_eq!(is_valid_sig, true);
}

§Supported Algorithms

Default: ShulginSigning (ED25519/ED448 (with hedged signatures) + SPHINCS+ (SHAKE256)) - Best used in scenarioes that need high security measures in authenticity. - Best used in scenarioes that need public keys to be short with ED25519 being 32-bytes and SPHINCS+ being 64-bytes - Slower Signing, but more secure against known attacks with high security assumptions based on hash functions.

Alternative: AnneSigning (ED25519/ED448 (with hedged signatures) + Dilihitum65) - Best used in scenarioes that need to have faster signatures and general security assumptions based on lattices. - Best used in scenarioes that need to have less size for signatures

Alternative: WRCSigning (ED25519/ED448 + FALCON1024) - Best used in scenarioes that need to have faster signatures and good security measures. - Best used in scenarioes that need to have less size for signatures

§Definitions

The RustySignatureUsage is defined as:

  • The interface in which you can interact easily with the project, basically, an abstraction.

The PublicKeyID is defined as the BLAKE2B(40) hash digest of the SPHINCS+ and ED25519 Public Keys in hexadecimal (upper-case) with a colon delimiter. The ED25519 PK preceeds the SPHINCS+ PK with a colon delimiter : and is then hashed as bytes.

The EphermalSigningContext is defined as an 8-12 byte BLAKE2b hash of the SigningInfo, including the Argon2id RNG + Operating System Randomness, public key random hash (SHA3-224), and the id (6 bytes).

The UserCertificate is defined as:

  • A Personal Certificate tied to an individual, organization, or identity with respect to key awareness.

  • A Public Key Container holding the classical public key (ED25519/ED448 with Hedged Signatures) and the post-quantum public key (SPHINCS+ (SHAKE256))

The PrivUserCertificate is defined as:

  • A Personal Certificate tied to an individual, organization, or identity that proves ownership of UserCertificate and can be used to signing.

  • A UserCertificate and Secret Key Container holding the classical secret keys (ED25519/ED448 with Hedged Signatures) and the post-quantum secret key (SPHINCS+ (SHAKE256)). Due to the UserCertificate being held, it also contains the public keys.

The RustySignature is defined as:

  • the Message
    • bytes that represent the message, whether it be a vector of bytes or a hash.
  • the SigningInfo
    • The SigningInfo includes the CSPRNG and Public Keys and is detailed below
  • the ED25519Signature
    • 64 bytes
    • signature of (Message+SigningInfo), usually in the form of a hash
  • the SPHINCS+Signature
    • 29792 bytes
    • signature of (Message+SigningInfo), usually in the form of a hash

The SigningInfo is defined as:

  • the Argon2id
    • Ephermal Password Based Fed Into ChaCha20RNG
  • the OS-CSPRNG (32-bytes)
    • Operating System Randomness
  • the pk_hash
    • The SHA3-224 hash of ED25519:SPHINCS+ (hedged)
  • the id
    • The 6-byte hash of the pk_hash (hedged)

§Features

§UserCertificate

The UserCertificate contains the following:

  • Verification Methods
  • Certificate Signing Request Feature
    • [] CSR-RS

§PrivUserCertificate

The PrivUserCertificate contains the following:

  • Signing
  • Verifying Signatures

§RustySignature

  • Integrity Checks on Data using:
    • BLAKE2B(64)
    • SHA2-384
    • BLAKE3
  • Verification

§License

APACHE-2.0

Modules§

analysis
Analysis of Code/Repo
constants
errors
format
fs
Filesystem
prelude
All neccessary components
registry
Registry for Keys
rustyfunds
RustyFunds
timestamping
Timestamping Functionality
x59
X59 Certificate Public-Key Infrastructure

Structs§

RustySignature
RustySignature
RustySignaturesUsage
Signer
SigningInfo
SigningInfo
UserCertificate
User Certificate
UserCertificatePriv
User Certificate (Private/Full)

Enums§

Algorithms
Algorithms

Constants§

CERTVERSION

Functions§

get_fingerprint
Get Fingerprint for static id | 48
get_fingerprint_8
Get Fingerprint for static id | 8-byte