Crate minisign_verify

Source
Expand description

A small crate to verify Minisign signatures.

This library provides zero-dependency verification of Minisign signatures. Minisign is a dead simple tool to sign files and verify signatures, developed by Frank Denis (author of libsodium).

§Features

  • Verify signatures for both standard and pre-hashed modes
  • Streaming verification for large files
  • No external dependencies
  • Simple, auditable code

§Basic Usage

use minisign_verify::{PublicKey, Signature};

// Create a public key from a base64 string
let public_key =
    PublicKey::from_base64("RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3")
        .expect("Unable to decode the public key");

// Create a signature from a string
let signature = Signature::decode(
    "untrusted comment: signature from minisign secret key
RUQf6LRCGA9i559r3g7V1qNyJDApGip8MfqcadIgT9CuhV3EMhHoN1mGTkUidF/\
     z7SrlQgXdy8ofjb7bNJJylDOocrCo8KLzZwo=
trusted comment: timestamp:1633700835\tfile:test\tprehashed
wLMDjy9FLAuxZ3q4NlEvkgtyhrr0gtTu6KC4KBJdITbbOeAi1zBIYo0v4iTgt8jJpIidRJnp94ABQkJAgAooBQ==",
)
.expect("Unable to decode the signature");

// Verify the signature
let bin = b"test";
public_key
    .verify(&bin[..], &signature, false)
    .expect("Signature didn't verify");

§Loading from Files

use minisign_verify::{PublicKey, Signature};
use std::path::Path;

// Load a public key from a file
let public_key = PublicKey::from_file(Path::new("minisign.pub"))
    .expect("Unable to load the public key");

// Load a signature from a file
let signature = Signature::from_file(Path::new("file.sig"))
    .expect("Unable to load the signature");

// Load the file content to verify
let content = std::fs::read("file").expect("Unable to read the file");

// Verify the signature
public_key
    .verify(&content, &signature, false)
    .expect("Signature didn't verify");

§Streaming Verification

For large files, you can use streaming verification to avoid loading the entire file into memory at once:

use minisign_verify::{PublicKey, Signature};
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

// Load a public key and signature
let public_key = PublicKey::from_file(Path::new("minisign.pub"))
    .expect("Unable to load the public key");

let signature = Signature::from_file(Path::new("large_file.sig"))
    .expect("Unable to load the signature");

// Create a stream verifier
let mut verifier = public_key.verify_stream(&signature)
    .expect("Unable to create stream verifier");

// Process the file in chunks
let mut file = File::open("large_file").expect("Unable to open file");
let mut buffer = [0u8; 8192]; // 8KB buffer

loop {
    let bytes_read = file.read(&mut buffer).expect("Error reading file");
    if bytes_read == 0 {
        break; // End of file
    }

    verifier.update(&buffer[..bytes_read]);
}

// Verify the signature
verifier.finalize().expect("Signature verification failed");

Note that the streaming verification mode only works with pre-hashed signatures (the default in newer versions of Minisign).

Structs§

PublicKey
A Minisign public key
Signature
A Minisign signature
StreamVerifier
A StreamVerifier to verify a signature against a data stream

Enums§

Error