3 unstable releases
0.2.1 | Feb 27, 2019 |
---|---|
0.2.0 | Feb 27, 2019 |
0.1.0 | Jan 22, 2019 |
#25 in #verifying
15KB
262 lines
Downify
Downify is a small Rust library for downloading, signing, and verifying files. It's intended to be used as part of an application's update mechanism.
The library uses reqwest to download a file from a URL and hashes it with blake2-rfc. Sodiumoxide is then used to verify the file's signed hash before returning a VerifiedFile
handle.
Sodiumoxide's keys and signatures are encoded with base64's URL_SAFE_NO_PAD for storage/transfer.
- Public keys are prepended with "DYP1"
- Secret keys are prepended with "DYS1"
- Signatures are prepended with "DYG1"
A command-line interface to the library, with options based on OpenBSD's Signify, is included.
Examples
extern crate downify;
// Generate a keypair
let (public_key, secret_key) = downify::gen_keypair();
// Sign a file
let signature = downify::sign("/source/path", &secret_key);
// Verify a local file
let file_handle = downify::verify_open("/source/path", &signature, &public_key).unwrap();
// Verify a remote file
let file_handle = verify_get("https://www.example.com/", "/destination/path", &signature, &public_key).unwrap();
Dependencies
~38MB
~514K SLoC