This crate provides the cryptographic functionality needed to implement the Secure Scuttlebutt networking protocols and content signing and encryption.
There are two implementations of the crypto operations available; one that uses libsodium C library (via the sodiumoxide crate), and a pure-rust implementation that uses dalek and RustCrypto crates (which is the default). You can select which implementation to use via Cargo.toml feature flags (see below).
If you only need the struct definitions and basic operations, disable default features, and (optionally) enable b64.
[dependencies.ssb-crypto] version = "0.2" default_features = false features = ["b64"]
On by default. Use the dalek/RustCrypto implementation of the crypto operations.
The crypto functionality is exposed via convenient methods, eg
PublicKey::verify. If neither
sodium features are enabled,
these methods won’t be available.
On by default. Provide functions to generate keys and nonces with user-specified
cryptographically-secure random number generator (Eg.
These functions can be used in
no_std environments that aren’t supported by
dalek is enabled.
On by default. Provide functions to generate keys and nonces using the OS-provided
cryptographically-secure random number generator (via the getrandom crate).
For environments that aren’t supported by getrandom, disable this feature and
generate_with_rng() functions instead.
Use the libsodium/sodiumoxide implementation of the crypto operations.
dalek features are both enabled, struct methods (eg.
will use the dalek implementation. Note that this can happen if multiple dependencies
use ssb-crypto, some preferring
sodium, and others preferring
To force the methods to use the sodium implementation, enable the
WARNING: if you use the sodium implementation, you must call ssb_crypto::sodium::init(). If you don’t, libsodium’s random-number generation and key-generation functions are not thread-safe.
[dependencies.ssb-crypto] version = "0.2" default_features = false features = ["sodium", "b64"]
sodium module, which contains standalone functions
for all the crypto operations, implemented using libsodium/sodiumoxide.
This is mostly useful for testing; eg.
cargo test --features sodium_module
will test the dalek and sodium implementations for compatibility.
Note that the sodium and dalek modules are hidden from the docs; you’ll have
to look at the code if you want to use them directly.
To build for an embedded (aka
no_std) environment, disable default features,
dalek and optionally
cargo build --no-default-features --features dalek,b64 --target thumbv7em-none-eabihf
Ephemeral (curve25519) keys and operations for deriving shared secrets via Elliptic-curve Diffie–Hellman
Secret (encrypted) “boxes” of data. (libsodium’s secretbox, aka xsalsa20poly1305)
crypto util(s). Just
memzero for now.
A sha256 hash digest. The standard hash in the scuttleverse.
A public/secret long-term key pair.
The network key, or network identifier, used during the secret handshake to prove that both parties are participating in the same ssb network.
The public half of a
The secret half of a
Types which are safe to treat as an immutable byte slice.
Types for which any byte pattern is valid.
Generate a sha256 hash digest from the given byte slice.