[]Module themis::secure_message

Secure Message system.

Secure Message provides a sequence-independent, stateless, contextless messaging system. This may be preferred in cases that do not require frequent sequential message exchange and/or in low-bandwidth contexts. It is secure enough to exchange messages from time to time, but if you would like to have Perfect Forward Secrecy and higher security guarantees, please consider using Secure Session instead.

Secure Message offers two modes of operation:

  • In Sign/Verify mode the message is signed using the private key of the sender and is verified by the receiver using the public key of the sender. The message is packed in a suitable container and ECDSA is used by default to sign the message (when RSA key is used, RSA+PSS+PKCS#7 digital signature is used).

  • In Encrypt/Decrypt mode the message will be encrypted with a randomly generated key (in RSA) or a key derived by ECDH (in ECDSA), via symmetric algorithm with Secure Cell in seal mode (keys are 256 bits long).

Here you can read more about cryptographic internals of Secure Messages.


Basic operation of Secure Message looks like this:

use themis::secure_message::SecureMessage;
use themis::keygen::gen_ec_key_pair;

let key_pair = gen_ec_key_pair();

let secure = SecureMessage::new(key_pair);

let encrypted = secure.encrypt(b"message")?;
let decrypted = secure.decrypt(&encrypted)?;
assert_eq!(decrypted, b"message");

You can find more examples for each operation mode in their respective documentation.



Secure Message encryption and decryption.


Secure Message signing.


Secure Message verification.