Crate libsignify


Create cryptographic signatures for files and verify them.

This is based on signify, the OpenBSD tool to sign and verify signatures on files. signify in turn is based on the Ed25519 public-key signature system by Bernstein et al.

libsignify can verify and create signatures that are interoperable with BSD signify. You can read more about the ideas and concepts behind signify in Securing OpenBSD From Us To You.

This crate is #![no_std] by default, but still relies on liballoc so your platform must provide an allocator to use libsignify.

To enable support for std::error::Error, enable the std feature.


A simple CLI that verifies some example data:

//! Basic example that shows how to verify a signature of some file.
//! You could, for example, replace the file reading with a HTTP client.
use libsignify::{Codeable, PublicKey, Signature};
use std::{fs, path::Path};

// Converting libsignify errors with `?` into `Box<dyn Error>` needs the crate's `std` feature.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("verifying signature of message file");

    // Boilerplate so this code can run both via `cargo test --doc` and `cargo run --example`.
    // Not relevant to the example otherwise.
    // Placeholder paths: point both branches at the directory that holds the example files.
    let base_path = if std::env::var("CARGO_CRATE_NAME").is_ok() {
        Path::new("")
    } else {
        Path::new("")
    };

    // First, open the message to verify the validity of.
    let message = fs::read(base_path.join("message.txt"))?;

    // Then, get the public key of the signer.
    // Placeholder: the empty string stands for the file name of the signer's public key.
    let (signer_id, _) = {
        let public_key_contents = fs::read_to_string(base_path.join(""))?;
        // Decode the signify file format into a key; the second tuple element is unused here.
        PublicKey::from_base64(&public_key_contents)?
    };

    // Now, fetch the signature we have for the message.
    // This could be from anywhere trusted, including a HTTP server for example.
    let (signature, _) = {
        let signature_contents = fs::read_to_string(base_path.join("message.txt.sig"))?;
        Signature::from_base64(&signature_contents)?
    };

    // With all of the parts needed, the message can be checked now.
    match signer_id.verify(&message, &signature) {
        Ok(()) => {
            println!("message was verified!");
            Ok(())
        }
        Err(e) => {
            eprintln!("message did not verify: {}", e);
            // Propagate the failure so the process exits with a non-zero status.
            Err(e.into())
        }
    }
}



  • Constants and type definitions from the signify design.



  • The error type which is returned when some signify operation fails.
  • The error that is returned when a file’s contents didn’t adhere to the signify file container format.
  • Key derivation options available when creating a new key.


  • A structure that can be converted to and from bytes and the signify file format.
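
The signify file container that the items above refer to, as an added example that is not libsignify's own code or API: a std-only reader for public key and detached signature files that compares the key number in each, the check BSD signify makes before it verifies with Ed25519. The container layout is the one BSD signify writes; the function names and the sample data (key number "KEYNUM01", all-zero key and signature bytes) are constructed for this illustration.

```rust
// Added example, not libsignify's code: std-only reader for signify files.
const COMMENT_PREFIX: &str = "untrusted comment: ";

/// Minimal base64 decoder (standard alphabet, trailing '=' padding dropped).
fn b64decode(s: &str) -> Result<Vec<u8>, String> {
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.trim_end_matches('=').bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => return Err(format!("invalid base64 byte {:#04x}", c)),
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    Ok(out)
}

/// Parse comment line + base64("Ed" || keynum[8] || payload); payload is 32 bytes (key) or 64 (sig).
pub fn parse(file: &str, payload_len: usize) -> Result<([u8; 8], Vec<u8>), String> {
    let mut lines = file.lines();
    if !lines.next().unwrap_or("").starts_with(COMMENT_PREFIX) {
        return Err("missing 'untrusted comment: ' line".into());
    }
    let raw = b64decode(lines.next().ok_or("missing base64 line")?)?;
    if raw.len() != 10 + payload_len || &raw[..2] != b"Ed" {
        return Err("wrong length or algorithm tag".into());
    }
    let mut keynum = [0u8; 8];
    keynum.copy_from_slice(&raw[2..10]);
    Ok((keynum, raw[10..].to_vec()))
}

/// True when the signature file names the same key number as the public key file.
pub fn same_key(pubkey_file: &str, sig_file: &str) -> Result<bool, String> {
    Ok(parse(pubkey_file, 32)?.0 == parse(sig_file, 64)?.0)
}

/// Constructed sample file: keynum "KEYNUM01", all-zero payload. Not a real key or signature.
pub fn sample(payload_len: usize) -> String {
    let tail = if payload_len == 32 { "A".repeat(40) } else { "A".repeat(80) + "AAA=" };
    format!("untrusted comment: constructed sample\nRWRLRVlOVU0wMQAA{}\n", tail)
}

fn main() {
    println!("keys match: {:?}", same_key(&sample(32), &sample(64)));
}
```

A key number mismatch means the signature was made with a different key, which is worth reporting separately from a failed Ed25519 check on the right key.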