Expand description
Minisign is a public key signature system for arbitrary large files.
This implementation is fully compatible with the reference implementation.
Example
extern crate minisign;
use std::io::Cursor;
use minisign::{KeyPair, PublicKeyBox, SecretKeyBox, SignatureBox};
// -------------------- KEY GENERATION --------------------
// Generate and return a new key pair
// The key is encrypted using a password.
// If `None` is given, the password will be asked for interactively.
let KeyPair { pk, sk } =
KeyPair::generate_encrypted_keypair(Some("key password".to_string())).unwrap();
// In order to be stored to disk, keys have to be converted to "boxes".
// A box is just a container, with some metadata about its content.
// Boxes can be converted to/from strings, making them convenient to use for storage.
let pk_box_str = pk.to_box().unwrap().to_string();
let sk_box_str = sk
.to_box(None) // Optional comment about the key
.unwrap()
.to_string();
// `pk_box_str` and sk_box_str` can now be saved to disk.
// This is a long-term key pair, that can be used to sign as many files as needed.
// For conveniency, the `KeyPair::generate_and_write_encrypted_keypair()` function
// is available: it generates a new key pair, and saves it to disk (or any `Writer`)
// before returning it.
// -------------------- SIGNING DATA WITH AN EXISTING SECRET KEY --------------------
// Assuming that `sk_box_str` is something we previously saved and just reloaded,
// it can be converted back to a secret key box:
let sk_box = SecretKeyBox::from_string(&sk_box_str).unwrap();
// and the box can be opened using the password to reveal the original secret key:
let sk = sk_box
.into_secret_key(Some("key password".to_string()))
.unwrap();
// Now, we can use the secret key to sign anything.
let data = b"lorem ipsum";
let data_reader = Cursor::new(data);
let signature_box = minisign::sign(None, &sk, data_reader, None, None).unwrap();
// We have a signature! Let's inspect it a little bit.
println!(
"Untrusted comment: [{}]",
signature_box.untrusted_comment().unwrap()
);
println!(
"Trusted comment: [{}]",
signature_box.trusted_comment().unwrap()
);
// -------------------- SIGNATURE VERIFICATION WITH A PUBLIC KEY --------------------
// Converting the signature box to a string in order to save it is easy.
let signature_box_str = signature_box.into_string();
// Now, let's verify the signature.
// Assuming we just loaded it into `signature_box_str`, get the box back.
let signature_box = SignatureBox::from_string(&signature_box_str).unwrap();
// Load the public key from the string.
let pk_box = PublicKeyBox::from_string(&pk_box_str).unwrap();
let pk = pk_box.into_public_key().unwrap();
// And verify the data.
let data_reader = Cursor::new(data);
let verified = minisign::verify(&pk, &signature_box, data_reader, true, false, false);
match verified {
Ok(()) => println!("Success!"),
Err(_) => println!("Verification failed"),
};Structs
A key pair (
PublicKey and SecretKey).Error structure for the
minisign crate.A
PublicKey is used to verify signatures.A public key and its metadata.
A
SecretKey is used to create signatures.A secret key and its metadata.
A trimmed-down signature, without any comments section, with binary
serialization only
A signature, as well as the metadata required to verify it.
Enums
Constants
The default untrusted comment.
The default configuration directory of the
rsign tool.The default environment variable for the directory of the
rsign tool.The default file name for the public key.
The default file name for the secret key.
The default suffix for signatures.