#jwt #signatures #sign #verify #verify-signature #signature #crypto

fi-digital-signatures

Cryptography library for rust and WASM

4 releases

0.0.4 Jun 4, 2024
0.0.3 May 28, 2024
0.0.2 May 27, 2024
0.0.1 May 27, 2024

#451 in Cryptography

Download history 363/week @ 2024-05-26 144/week @ 2024-06-02 11/week @ 2024-06-09 2/week @ 2024-06-16

169 downloads per month

MIT/Apache

125KB
3K SLoC

fi-digital-signatures

crates.io Test Package publish Doc

fi-digital-signatures library is focused on managing the signing and verification. API documentation on docs.rs

Algorithms

This library currently supports the following algorithms:

  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512
  • ES256
  • ES384
  • ES512
  • ES256K
  • EdDSA

Signer - Rust

Signs a string content using a provided algorithm and a signing key

    use fi_digital_signatures::{
        algorithms::Algorithm,
        crypto::ecdsa::{
                _256k::{P256kSigningKey},
            },
        signer::sign
        }

    let signature_result = sign(
        String::from(CONTENT),
        P256kSigningKey::from_bytes(&hex::decode(PRIVATE_KEY_256K_HEX).unwrap().as_slice())
            .unwrap(),
        Algorithm::ES256K,
    );

    let signature = match signature_result {
        Ok(val) => val,
        Err(error) => {
            eprintln!("{}", error);
            panic!()
        }
    };

Verifier - Rust

Verifies the content with the signature using a provided algorithm.

    use fi_digital_signatures::{
        algorithms::Algorithm,
        crypto::ecdsa::{
                _256k::{P256kVerifyingKey},
            },
        verifier::verify
        }

    let verified = match verify(
        String::from(CONTENT),
        signature,
        P256kVerifyingKey::from_bytes(hex::decode(PUBLIC_KEY_256K_HEX).unwrap().as_slice())
            .unwrap(),
        Algorithm::ES256K
    ) {
        Ok(val) => val,
        Err(error) => {
            println!("{}", error.to_string());
            panic!()
        }
    };

JWT - Rust

    use chrono::Utc;
    use fi_digital_signatures::{
        algorithms::Algorithm,
        crypto::ecdsa::_512::{P512SigningKey, P512VerifyingKey},
        jwt::{Header, Payload, JWT},
    };
    use serde_json::json;

    let now = Utc::now().timestamp_millis() / 1000;

    let payload_content: Value = json!(
        {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": true,
    "iat": 151623902,
    "exp": now + (6 * 24 * 60 * 60)
    }
    );

    let mut jwt = JWT {
        header: Header::new(String::from("id:129877"), Algorithm::ES512),
        payload: Payload(payload_content),
        signature: None,
    };

    match jwt.sign(P512SigningKey::from_pem(PRIVATE_KEY).unwrap()) {
        Ok(()) => {}
        Err(error) => {
            println!("{}", error);
            panic!()
        }
    };

    match jwt.to_token() {
        Ok(val) => val,
        Err(error) => {
            println!("{}", error);
            panic!()
        }
    };

Sign a JWT token - WASM

const fiDigitalSignatures = await import("fi-digital-signatures");

let header = new Header(KID, Algorithm.HS256)

let payload = new Payload({
    exp: EXPIRE,
    sub: test
})

let jwtObject = new fiDigitalSignatures.JWT(header, payload, null);
// Either a byte array of a private key or 
// {pem: PEM_CONTENT}, {passphrase: PASSPHRASE} or {n: N_VALUE,e: E_VALUE, ...} 
jwtObject.sign(SIGNING_OBJECT);
let token = jwtObject.toToken();

Verify a JWT token - WASM

const fiDigitalSignatures = await import("fi-digital-signatures");

fiDigitalSignatures.JWT.validate_token(
    JWT_TOKEN,
    Array.prototype.slice.call(
        Buffer.from(
        "04115b3fa39fae41b4e32f7721ca72f8c1781483647dabd514f08e66128bd47fce9067b90e0488c9c2a9f30f5a266a07841d6c077413ba07e74569b99d4fd3cec6",
        "hex"
        ),
        0
    )
)

Dependencies

~14MB
~274K SLoC