bitwarden_crypto

Module signing

Source
Expand description

Signing is used to assert integrity of a message to others or to oneself.

Signing and signature verification operations are divided into three layers here:

  • (public) High-level: Give a struct, namespace, and get a signed object or signature + serialized message. Purpose: Serialization should not be decided by the consumer of this interface, but rather by the signing implementation. Each consumer shouldn’t have to make the decision on how to serialize. Further, the serialization format is written to the signature object, and verified.

  • Mid-level: Give a byte array, content format, namespace, and get a signed object or signature. Purpose: All signatures should be domain-separated, so that any proofs only need to consider the allowed messages under the current namespace, and cross-protocol attacks are not possible.

  • Low-level: Give a byte array, and get a signature. Purpose: This just implements the signing of byte arrays. Digital signature schemes generally just care about a set of input bytes to sign; and this operation implements that per-supported digital signature scheme. To add support for a new scheme, only this operation needs to be implemented for the new signing key type. This is implemented in the [‘signing_key’] and [‘verifying_key’] modules.

Signing operations are split into two types. The mid-level and high-level operations are implemented for each type respectively.

  • Sign: Create a signed_object::SignedObject that contains the payload. Purpose: If only one signature is needed for an object then it is simpler to keep the signature and payload together in one blob, so they cannot be separated.

  • Sign detached: Create a signature::Signature that does not contain the payload; but the serialized payload is returned. Purpose: If multiple signatures are needed for one object, then sign detached can be used.

Re-exports§

pub use namespace::SigningNamespace;
pub use signed_object::SignedObject;
pub use signature::Signature;
pub use signing_key::SigningKey;
pub use verifying_key::VerifyingKey;
pub use message::SerializedMessage;

Modules§

cose 🔒
This file contains helper functions to aid in COSE deserialization
message 🔒
This file contains message serialization for messages intended to be signed.
namespace 🔒
signature 🔒
signed_object 🔒
signing_key 🔒
verifying_key 🔒
A verifying key is the public part of a signature key pair. It is used to verify signatures.

Enums§

SignatureAlgorithm
The type of key / signature scheme used for signing and verifying.

Constants§

UNIFFI_META_CONST_BITWARDEN_CRYPTO_ENUM_SIGNATUREALGORITHM 🔒