SigningKey

bitwarden_crypto::signing::signing_key

Struct SigningKey 

Source 
pub struct SigningKey {
    pub(super) id: KeyId,
    inner: RawSigningKey,
}
Expand description

A signing key is a private key used for signing data. An associated VerifyingKey can be derived from it.

Fields§

§id: KeyId§inner: RawSigningKey

Implementations§

Source§

impl SigningKey

Source

fn sign_bytes( &self, serialized_message: &SerializedMessage, namespace: &SigningNamespace, ) -> Result<SignedObject, CryptoError>

Signs the given payload with the signing key, under a given namespace. This is is the underlying implementation of the sign method, and takes a raw byte array as input.

Source

pub fn sign<Message: Serialize>( &self, message: &Message, namespace: &SigningNamespace, ) -> Result<SignedObject, CryptoError>

Signs the given payload with the signing key, under a given namespace. This returns a SignedObject object, that contains the payload. The payload is included in the signature, and does not need to be provided when verifying the signature.

This should be used when only one signer is required, so that only one object needs to be kept track of.

use bitwarden_crypto::{SigningNamespace, SignatureAlgorithm, SigningKey};
use serde::{Serialize, Deserialize};

const EXAMPLE_NAMESPACE: SigningNamespace = SigningNamespace::SignedPublicKey;

#[derive(Serialize, Deserialize, Debug, PartialEq)]
struct TestMessage {
  field1: String,
}

let signing_key = SigningKey::make(SignatureAlgorithm::Ed25519);
let message = TestMessage {
  field1: "Test message".to_string(),
};
let namespace = EXAMPLE_NAMESPACE;
let signed_object = signing_key.sign(&message, &namespace).unwrap();
// The signed object can be verified using the verifying key:
let verifying_key = signing_key.to_verifying_key();
let payload: TestMessage = signed_object.verify_and_unwrap(&verifying_key, &namespace).unwrap();
assert_eq!(payload, message);
Source§

impl SigningKey

Source

pub fn sign_detached<Message: Serialize>( &self, message: &Message, namespace: &SigningNamespace, ) -> Result<(Signature, SerializedMessage), CryptoError>

Signs the given payload with the signing key, under a given SigningNamespace. This returns a Signature object, that does not contain the payload. The payload must be stored separately, and needs to be provided when verifying the signature.

This should be used when multiple signers are required, or when signatures need to be replaceable without re-uploading the object, or if the signed object should be parseable by the server side, without the use of COSE on the server.

use bitwarden_crypto::{SigningNamespace, SignatureAlgorithm, SigningKey};
use serde::{Serialize, Deserialize};

const EXAMPLE_NAMESPACE: SigningNamespace = SigningNamespace::SignedPublicKey;

#[derive(Serialize, Deserialize, Debug, PartialEq)]
struct TestMessage {
 field1: String,
}

let signing_key = SigningKey::make(SignatureAlgorithm::Ed25519);
let message = TestMessage {
 field1: "Test message".to_string(),
};
let namespace = EXAMPLE_NAMESPACE;
let (signature, serialized_message) = signing_key.sign_detached(&message, &namespace).unwrap();
// Verification
let verifying_key = signing_key.to_verifying_key();
assert!(signature.verify(&serialized_message.as_bytes(), &verifying_key, &namespace));
Source

pub fn counter_sign_detached( &self, serialized_message_bytes: Vec<u8>, initial_signature: &Signature, namespace: &SigningNamespace, ) -> Result<Signature, CryptoError>

Given a serialized message, signature, this counter-signs the message. That is, if multiple parties want to sign the same message, one party creates the initial message, and the other parties then counter-sign it, and submit their signatures. This can be done as follows: ``` let alice_key = SigningKey::make(SignatureAlgorithm::Ed25519); let bob_key = SigningKey::make(SignatureAlgorithm::Ed25519);

let message = TestMessage { field1: “Test message”.to_string(), }; let namespace = SigningNamespace::ExampleNamespace; let (signature, serialized_message) = alice_key.sign_detached(&message, &namespace).unwrap();\ // Alice shares (signature, serialized_message) with Bob. // Bob verifies the contents of serialized_message using application logic, then signs it: let (bob_signature, serialized_message) = bob_key.counter_sign(&serialized_message, &signature, &namespace).unwrap(); ```

Source

fn sign_detached_bytes( &self, message: &SerializedMessage, namespace: &SigningNamespace, ) -> Signature

Signs the given payload with the signing key, under a given namespace. This is is the underlying implementation of the sign_detached method, and takes a raw byte array as input.

Source§

impl SigningKey

Source

pub fn make(algorithm: SignatureAlgorithm) -> Self

Makes a new signing key for the given signature scheme.

Source

pub(super) fn cose_algorithm(&self) -> Algorithm

Source

pub fn to_verifying_key(&self) -> VerifyingKey

Derives the verifying key from the signing key. The key id is the same for the signing and verifying key, since they are a pair.

Source

pub(super) fn sign_raw(&self, data: &[u8]) -> Vec<u8>

Signs the given byte array with the signing key. This should not be used directly other than for generating namespace separated signatures or signed objects.

Trait Implementations§

Source§

impl Clone for SigningKey

Source§

fn clone(&self) -> SigningKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl CoseSerializable<CoseKeyContentFormat> for SigningKey

Source§

fn to_cose(&self) -> CoseKeyBytes

Serializes the signing key to a COSE-formatted byte array.

Source§

fn from_cose(bytes: &CoseKeyBytes) -> Result<Self, EncodingError>

Deserializes a COSE-formatted byte array into a signing key.

Source§

impl CryptoKey for SigningKey

Source§

impl ZeroizeOnDrop for SigningKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
§

impl<T> CompatExt for T

§

fn compat(self) -> Compat<T>

Applies the [Compat] adapter by value. Read more
§

fn compat_ref(&self) -> Compat<&T>

Applies the [Compat] adapter by shared reference. Read more
§

fn compat_mut(&mut self) -> Compat<&mut T>

Applies the [Compat] adapter by mutable reference. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, UT> HandleAlloc<UT> for T
where T: Send + Sync,

§

fn new_handle(value: Arc<T>) -> Handle

Create a new handle for an Arc value Read more
§

unsafe fn clone_handle(handle: Handle) -> Handle

Clone a handle Read more
§

unsafe fn consume_handle(handle: Handle) -> Arc<T>

Consume a handle, getting back the initial Arc<> Read more
§

unsafe fn get_arc(handle: Handle) -> Arc<Self>

Get a clone of the Arc<> using a “borrowed” handle. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more