Skip to main content

vta_sdk/protocols/key_management/
sign.rs

1use serde::{Deserialize, Serialize};
2
3/// Signing algorithms supported by the VTA sign-request protocol.
4#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
5#[serde(rename_all = "lowercase")]
6#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
7pub enum SignAlgorithm {
8    /// Ed25519 / EdDSA signing.
9    EdDSA,
10    /// ECDSA with P-256 / ES256 signing.
11    ES256,
12}
13
14/// Body of a sign-request message.
15#[derive(Debug, Clone, Serialize, Deserialize)]
16#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
17pub struct SignRequestBody {
18    /// Key ID to sign with (must be an active key the caller has access to).
19    pub key_id: String,
20    /// Base64url-encoded payload bytes to sign.
21    pub payload: String,
22    /// Signing algorithm to use (must match the key type).
23    pub algorithm: SignAlgorithm,
24}
25
26/// Body of a sign-result message.
27#[derive(Debug, Clone, Serialize, Deserialize)]
28#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
29pub struct SignResultBody {
30    /// Key ID that was used.
31    pub key_id: String,
32    /// Base64url-encoded signature bytes.
33    pub signature: String,
34    /// Algorithm used.
35    pub algorithm: SignAlgorithm,
36}
37
38impl std::fmt::Display for SignAlgorithm {
39    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
40        match self {
41            SignAlgorithm::EdDSA => write!(f, "eddsa"),
42            SignAlgorithm::ES256 => write!(f, "es256"),
43        }
44    }
45}