You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -11,6 +11,18 @@ Implementation of [IETF RFC 9421](https://datatracker.ietf.org/doc/html/rfc9421)
This crates provides a basic library [httpsig](./httpsig) and [its extension](./httpsig-hyper/) of `hyper`'s http library. At this point, our library can sign and verify only request messages of hyper. (TODO: response message signature)
## Supported Signature Algorithms
-[x] HMAC using SHA-256
-[x] Ed25519
-[x] ECDSA-P256 using SHA-256
-[ ] ECDSA-P384 using SHA-384
~~- [] RSASSA-PSS using SHA-512~~
~~- [] RSASSA-PKCS1-v1_5 using SHA-256~~
At this point, we have no plan to support RSA signature due to [the problem related to the non-constant time operation](https://github.com/RustCrypto/RSA/issues/19), i.e., Mervin Attack.
## Usage of Extension for `hyper` (`httpsig-hyper`)
This is a case signing and verifying a signature generated with asymmetric cryptography (like EdDSA), where `PUBLIC_KEY_STRING` and `SECRET_KEY_STRING` is a public and private keys in PEM format, respectively. Generating and verifying a MAC through symmetric crypto (HMAC-SHA256) is also supported.
