Expand description

Message signatures.

The Signer allows for the computation of cryptographic signatures of data given a private key. The Verifier can then be used with the corresponding public key to verify the integrity and authenticity of that data given the signature.

Examples

Sign and verify data given an RSA keypair:

use openssl::sign::{Signer, Verifier};
use openssl::rsa::Rsa;
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;

// Generate a keypair
let keypair = Rsa::generate(2048).unwrap();
let keypair = PKey::from_rsa(keypair).unwrap();

let data = b"hello, world!";
let data2 = b"hola, mundo!";

// Sign the data
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
signer.update(data).unwrap();
signer.update(data2).unwrap();
let signature = signer.sign_to_vec().unwrap();

// Verify the data
let mut verifier = Verifier::new(MessageDigest::sha256(), &keypair).unwrap();
verifier.update(data).unwrap();
verifier.update(data2).unwrap();
assert!(verifier.verify(&signature).unwrap());

Compute an HMAC:

use openssl::hash::MessageDigest;
use openssl::memcmp;
use openssl::pkey::PKey;
use openssl::sign::Signer;

// Create a PKey
let key = PKey::hmac(b"my secret").unwrap();

let data = b"hello, world!";
let data2 = b"hola, mundo!";

// Compute the HMAC
let mut signer = Signer::new(MessageDigest::sha256(), &key).unwrap();
signer.update(data).unwrap();
signer.update(data2).unwrap();
let hmac = signer.sign_to_vec().unwrap();

// `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
//
// Do not simply check for equality with `==`!
assert!(memcmp::eq(&hmac, &target));

Structs

Salt lengths that must be used with set_rsa_pss_saltlen.

A type which computes cryptographic signatures of data.

Functions