pub fn set_sd_alg(protected: &mut Header, alg: impl Into<Label>) -> &mut HeaderExpand description
Sets the sd_alg protected header parameter.
Examples found in repository?
examples/basic.rs (line 90)
58fn main() -> Result<(), Error> {
59 // Start from a pre-issued claim set. Tag 58 asks the issuer to redact a
60 // map key/value pair or an array element. Tag 62 asks for a decoy digest.
61 let preissued_claims = Value::Map(vec![
62 (Value::from(1), Value::from("https://issuer.example")),
63 (Value::from(8), Value::Map(vec![])), // cnf; fill with a real COSE key in production.
64 (
65 Value::Tag(TO_BE_REDACTED_TAG, Box::new(Value::from("name"))),
66 Value::from("Alice Example"),
67 ),
68 (
69 Value::from("roles"),
70 Value::Array(vec![
71 Value::Tag(TO_BE_REDACTED_TAG, Box::new(Value::from("admin"))),
72 Value::from("user"),
73 ]),
74 ),
75 (
76 Value::Tag(TO_BE_DECOY_TAG, Box::new(Value::from(1))),
77 Value::Null,
78 ),
79 ]);
80
81 // The library never generates randomness. Issuers provide fresh 16-byte
82 // salts. This deterministic generator is for a reproducible example only.
83 let mut salts = deterministic_demo_salts();
84 let issued = issue_from_preissuance(preissued_claims, &mut salts, &Sha256RedactionHasher)?;
85
86 // Sign the issued SD-CWT as a COSE_Sign1 message. The payload contains the
87 // redacted claims; sd_claims carries all disclosures for the Holder.
88 let mut sd_cwt = Sign1Message::new(Some(cbor2::to_vec(&issued.value)?));
89 set_sd_cwt_typ(&mut sd_cwt.protected);
90 set_sd_alg(&mut sd_cwt.protected, Sha256RedactionHasher.algorithm());
91 set_disclosures(&mut sd_cwt.unprotected, issued.disclosures.as_slice());
92 let encoded = sd_cwt.sign_and_encode(&Issuer, None)?;
93
94 // Holder receives every disclosure at issuance, so Holder validation uses
95 // the strict one-to-one rule: every redaction must have a disclosure.
96 let holder_sd_cwt = Sign1Message::verify_and_decode(&IssuerVerifier, &encoded, None)?;
97 let holder_claims = restore_payload_from_message(&holder_sd_cwt, RestoreMode::Holder)?;
98 println!("holder disclosed claims: {}", holder_claims.disclosed);
99
100 // During presentation, the Holder can disclose a subset. Unprotected
101 // headers are not issuer-signed; production presentations bind the selected
102 // disclosures with a Key Binding Token (KBT).
103 let mut presented = holder_sd_cwt.clone();
104 let selected = issued.disclosures.as_slice()[0].clone();
105 set_disclosures(&mut presented.unprotected, std::slice::from_ref(&selected));
106
107 let verifier_claims = restore_payload_from_message(&presented, RestoreMode::Verifier)?;
108 println!(
109 "verifier disclosed claims: {}, removed redactions: {}",
110 verifier_claims.disclosed, verifier_claims.removed_redactions
111 );
112
113 Ok(())
114}