#http #signatures #digest #reqwest


An HTTP Signatures library that leaves the signing to you

9 unstable releases (3 breaking)

Uses new Rust 2021

0.4.0 Dec 13, 2021
0.3.1 Dec 7, 2021
0.2.1 Nov 22, 2021
0.2.0 Feb 3, 2021
0.1.3 Sep 30, 2020

#170 in Cryptography

Download history 387/week @ 2021-09-25 307/week @ 2021-10-02 656/week @ 2021-10-09 788/week @ 2021-10-16 835/week @ 2021-10-23 404/week @ 2021-10-30 953/week @ 2021-11-06 668/week @ 2021-11-13 889/week @ 2021-11-20 224/week @ 2021-11-27 630/week @ 2021-12-04 477/week @ 2021-12-11 295/week @ 2021-12-18 47/week @ 2021-12-25 208/week @ 2022-01-01 233/week @ 2022-01-08

796 downloads per month
Used in 15 crates (2 directly)

Custom license


HTTP Signature Normaliztion Reqwest

An HTTP Signatures library that leaves the signing to you

Http Signature Normalization is a minimal-dependency crate for producing HTTP Signatures with user-provided signing and verification. The API is simple; there's a series of steps for creation and verification with types that ensure reasonable usage.


This crate provides extensions the RequestBuilder type from reqwest

First, add this crate to your dependencies

http-signature-normalization-reqwest = { version = "0.2.0", default-features = false, features = ["sha-2"] }
reqwest = "0.11"
sha2 = "0.9"
thiserror = "0.1"
tokio = "1"

Then, use it in your client

use http_signature_normalization_reqwest::prelude::*;
use reqwest::{header::DATE, Client};
use sha2::{Digest, Sha256};

async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let config = Config::default().require_header("accept");

    let digest = Sha256::new();

    let response = Client::new()
        .header("User-Agent", "Reqwest")
        .header("Accept", "text/plain")
        .signature_with_digest(config, "my-key-id", digest, "my request body", |s| {
            println!("Signing String\n{}", s);
            Ok(base64::encode(s)) as Result<_, MyError>

    let body = response.bytes().await.map_err(MyError::Body)?;

    println!("{:?}", body);

#[derive(Debug, thiserror::Error)]
pub enum MyError {
    #[error("Failed to create signing string, {0}")]
    Convert(#[from] SignError),

    #[error("Failed to send request")]
    SendRequest(#[from] reqwest::Error),

    #[error("Failed to retrieve request body")]


Unless otherwise stated, all contributions to this project will be licensed under the CSL with the exceptions listed in the License section of this file.


This work is licensed under the Cooperative Software License. This is not a Free Software License, but may be considered a "source-available License." For most hobbyists, self-employed developers, worker-owned companies, and cooperatives, this software can be used in most projects so long as this software is distributed under the terms of the CSL. For more information, see the provided LICENSE file. If none exists, the license can be found online here. If you are a free software project and wish to use this software under the terms of the GNU Affero General Public License, please contact me at asonix@asonix.dog and we can sort that out. If you wish to use this project under any other license, especially in proprietary software, the answer is likely no.

Http Signature Normalization Reqwest is currently licensed under the AGPL to the Lemmy project, found at github.com/LemmyNet/lemmy


~182K SLoC