#download #key #verifying #signing #file #verify

bin+lib downify

Downify is a small Rust library for downloading, signing, and verifying files

3 unstable releases

0.2.1 Feb 27, 2019
0.2.0 Feb 27, 2019
0.1.0 Jan 22, 2019

#25 in #verifying

MIT license

15KB
262 lines

Downify

crates.io docs

Downify is a small Rust library for downloading, signing, and verifying files. It's intended to be used as part of an application's update mechanism.

The library uses reqwest to download a file from a URL and hashes it with blake2-rfc. Sodiumoxide is then used to verify the file's signed hash before returning a VerifiedFile handle.

Sodiumoxide's keys and signatures are encoded with base64's URL_SAFE_NO_PAD for storage/transfer.

  • Public keys are prepended with "DYP1"
  • Secret keys are prepended with "DYS1"
  • Signatures are prepended with "DYG1"

A command-line interface to the library, with options based on OpenBSD's Signify, is included.

Examples

extern crate downify;

// Generate a keypair
let (public_key, secret_key) = downify::gen_keypair();

// Sign a file
let signature = downify::sign("/source/path", &secret_key);

// Verify a local file
let file_handle = downify::verify_open("/source/path", &signature, &public_key).unwrap();

// Verify a remote file
let file_handle = verify_get("https://www.example.com/", "/destination/path", &signature, &public_key).unwrap();

Dependencies

~38MB
~514K SLoC