Expand description
Message signatures.
The Signer
allows for the computation of cryptographic signatures of
data given a private key. The Verifier
can then be used with the
corresponding public key to verify the integrity and authenticity of that
data given the signature.
Examples
Sign and verify data given an RSA keypair:
use openssl::sign::{Signer, Verifier};
use openssl::rsa::Rsa;
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
// Generate a keypair
let keypair = Rsa::generate(2048).unwrap();
let keypair = PKey::from_rsa(keypair).unwrap();
let data = b"hello, world!";
let data2 = b"hola, mundo!";
// Sign the data
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
signer.update(data).unwrap();
signer.update(data2).unwrap();
let signature = signer.sign_to_vec().unwrap();
// Verify the data
let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap();
verifier.update(data).unwrap();
verifier.update(data2).unwrap();
assert!(verifier.verify(&signature).unwrap());
Compute an HMAC:
use openssl::hash::MessageDigest;
use openssl::memcmp;
use openssl::pkey::PKey;
use openssl::sign::Signer;
// Create a PKey
let key = PKey::hmac(b"my secret").unwrap();
let data = b"hello, world!";
let data2 = b"hola, mundo!";
// Compute the HMAC
let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
signer.update(data).unwrap();
signer.update(data2).unwrap();
let hmac = signer.sign_to_vec().unwrap();
// `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
//
// Do not simply check for equality with `==`!
assert!(memcmp::eq(&hmac, &target));
Structs
- Salt lengths that must be used with
set_rsa_pss_saltlen
. - A type which computes cryptographic signatures of data.
- A type which can be used to verify the integrity and authenticity of data given the signature.