18 releases

0.0.18 Feb 20, 2025
0.0.17 Jan 17, 2025
0.0.16 Aug 30, 2024
0.0.15 Apr 12, 2024
0.0.8 Feb 29, 2024

#1054 in Cryptography

Download history 1018/week @ 2024-12-05 520/week @ 2024-12-12 129/week @ 2024-12-19 156/week @ 2024-12-26 190/week @ 2025-01-02 357/week @ 2025-01-09 849/week @ 2025-01-16 870/week @ 2025-01-23 1229/week @ 2025-01-30 1119/week @ 2025-02-06 1327/week @ 2025-02-13 2077/week @ 2025-02-20 2109/week @ 2025-02-27 1511/week @ 2025-03-06 1223/week @ 2025-03-13 1114/week @ 2025-03-20

6,351 downloads per month

MIT license

155KB
3K SLoC

httpsig-hyper

httpsig-hyper httpsig-hyper

Examples

You can run a basic example in ./examples as follows.

Sign and Verify a Request

% cargo run --example hyper-request

Sign and Verify a Response

% cargo run --example hyper-response

Caveats

Note that even if content-digest header is specified as one of covered component for signature, the verification process of httpsig-hyper doesn't validate the message body automatically. Namely, it only check the consistency between the signature and message components.

If you need to verify the body of a given message when content-digest is covered in signature-input header, you need to invoke verify_content_digest() function as follows.

// first verifies the signature according to `signature-input` header
let public_key = PublicKey::from_pem(EDDSA_PUBLIC_KEY).unwrap();
let signature_verification = req.verify_message_signature(&public_key, None).await;
assert!(verification_res.is_ok());

// if needed, content-digest can be verified separately (only if content-digest header is included in the header)
let verified_request = request_from_sender.verify_content_digest().await;
assert!(verified_request.is_ok())

In the context of cryptography, the content-digest of covered components in signature-input is verified in the process of signature verification. So, hash value of content-digest is verified. To check if the content-digest is correctly bound with the message body, we need to run the hashing process separately.

Dependencies

~11MB
~197K SLoC