Crate libsignify

source · []
Expand description

Create cryptographic signatures for files and verify them.

This is based on signify, the OpenBSD tool to sign and verify signatures on files. It is based on the Ed25519 public-key signature system by Bernstein et al.

libsignify can verify and create signatures that are interoperable with BSD signify. You can read more about the ideas and concepts behind signify in Securing OpenBSD From Us To You.

This crate is #![no_std] by default, but still relies on liballoc so your platform must provide an allocator to use libsignify.

To enable support for std::error::Error, enable the std feature.

Examples

A simple CLI that verifies some example data:

//! Basic example that shows how to verify a signature of some file.
//!
//! You could, for example, replace the file reading with a HTTP client.
use libsignify::{Codeable, PublicKey, Signature};
use std::{fs, path::Path};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("verifying signature of message file");

    // Boilerplate so this code can run both via `cargo test --doc` and `cargo run --example`.
    // Not relevant to the example otherwise.
    let base_path = if std::env::var("CARGO_CRATE_NAME").is_ok() {
        Path::new("./examples/")
    } else {
        Path::new("./libsignify/examples/")
    };

    // First, open the message to verify the validity of.
    let message = fs::read(base_path.join("message.txt"))?;

    // Then, get the public key of the signer.
    let (signer_id, _) = {
        let public_key_contents = fs::read_to_string(base_path.join("test_key.pub"))?;

        PublicKey::from_base64(&public_key_contents)?
    };

    // Now, fetch the signature we have for the message.
    //
    // This could be from anywhere trusted, including a HTTP server for example.
    let (signature, _) = {
        let signature_contents = fs::read_to_string(base_path.join("message.txt.sig"))?;
        Signature::from_base64(&signature_contents)?
    };

    // With all of the parts needed, the message can be checked now.
    match signer_id.verify(&message, &signature) {
        Ok(()) => {
            println!("message was verified!");
            Ok(())
        }
        Err(e) => {
            eprintln!("message did not verify: {}", e);
            Err(Box::new(e))
        }
    }
}

Re-exports

pub use consts::KeyNumber;

Modules

consts

Constants and type definitions from the signify design.

Structs

PrivateKey

The full secret keypair.

PublicKey

The public half of a keypair.

Signature

A signature

Enums

Error

The error type which is returned when some signify operation fails.

FormatError

The error that is returned when a file’s contents didn’t adhere to the signify file container format.

NewKeyOpts

Key derivation options available when creating a new key.

Traits

Codeable

A structure that can be converted to and from bytes and the signify file format.