Module openssl::sign [−][src]
Message signatures.
The Signer
allows for the computation of cryptographic signatures of
data given a private key. The Verifier
can then be used with the
corresponding public key to verify the integrity and authenticity of that
data given the signature.
Examples
Sign and verify data given an RSA keypair:
use openssl::sign::{Signer, Verifier}; use openssl::rsa::Rsa; use openssl::pkey::PKey; use openssl::hash::MessageDigest; // Generate a keypair let keypair = Rsa::generate(2048).unwrap(); let keypair = PKey::from_rsa(keypair).unwrap(); let data = b"hello, world!"; let data2 = b"hola, mundo!"; // Sign the data let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap(); signer.update(data).unwrap(); signer.update(data2).unwrap(); let signature = signer.sign_to_vec().unwrap(); // Verify the data let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap(); verifier.update(data).unwrap(); verifier.update(data2).unwrap(); assert!(verifier.verify(&signature).unwrap());
Compute an HMAC:
use openssl::hash::MessageDigest; use openssl::memcmp; use openssl::pkey::PKey; use openssl::sign::Signer; // Create a PKey let key = PKey::hmac(b"my secret").unwrap(); let data = b"hello, world!"; let data2 = b"hola, mundo!"; // Compute the HMAC let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap(); signer.update(data).unwrap(); signer.update(data2).unwrap(); let hmac = signer.sign_to_vec().unwrap(); // `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead // // Do not simply check for equality with `==`! assert!(memcmp::eq(&hmac, &target));
Structs
RsaPssSaltlen | Salt lengths that must be used with |
Signer | A type which computes cryptographic signatures of data. |
Verifier |