httpsig module #7

Closed
opened 2025-12-21 11:34:54 +00:00 by thabeta · 1 comment
Owner

Module Overview

The httpsig module implements the HTTP Signature scheme for authenticating API requests and responses in . This module provides a secure, standards-compliant way to verify the authenticity and integrity of HTTP messages, ensuring that requests truly come from claimed senders and haven't been tampered with in transit.

Functionality

  • HTTP signature creation: Generate cryptographic signatures for HTTP requests using configurable headers and Ed25519 keys
  • HTTP signature verification: Validate signatures on incoming requests to authenticate the sender
  • Flexible header selection: Choose which HTTP headers to include in the signature calculation for different security requirements
  • Key ID management: Extract and manage key identifiers from signature headers for lookup and validation
  • String signing: Sign arbitrary strings for non-HTTP use cases while maintaining compatibility with the HTTP signature format

Module API

HTTP Signatures

  • HttpSigner::new(keypair: KeyPair, key_id: &str) -> Self - Create a new HTTP signer with the provided keypair and identifier
  • HttpSigner::with_headers(mut self, headers: Vec<String>) -> Self - Configure which HTTP headers to include in the signature calculation
  • HttpSigner::sign_request(&self, request: &mut Request) -> Result<(), SignError> - Sign an HTTP request by adding the Signature header
  • HttpSigner::sign_string(&self, string: &str) -> Result<String, SignError> - Sign a string directly using the HTTP signature format
  • HttpVerifier::new(public_key: &str) -> Self - Create a verifier with a known public key for signature validation
  • HttpVerifier::with_key_getter(mut self, getter: KeyGetter) -> Self - Set up a key lookup function to fetch public keys dynamically
  • HttpVerifier::verify_request(&self, request: &Request) -> Result<(), VerifyError> - Verify the signature on an incoming HTTP request
  • HttpVerifier::verify_signature(&self, signature: &str, message: &str, key_id: &str) -> Result<(), VerifyError> - Verify a signature string against a message
  • extract_key_id(request: &Request) -> Result<String, HttpSigError> - Extract the key ID from the Signature header for lookup
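An added example, not herolib code, of the two verifier steps this description implies before any Ed25519 check: extracting the key ID and rebuilding the string that was signed, while refusing signatures that leave required headers uncovered. It assumes a draft-cavage-style `Signature` header (`keyId`, `headers`, `signature` parameters); `SigParams`, `parse_signature_header` and `signing_string` are hypothetical names, and the sample request is constructed.

```rust
use std::collections::HashMap;

pub struct SigParams { pub key_id: String, pub headers: Vec<String>, pub signature: String }

// Parse keyId="..",headers="..",signature=".." (assumed layout; values containing
// commas are not handled by this sketch).
pub fn parse_signature_header(value: &str) -> Result<SigParams, String> {
    let mut map: HashMap<String, String> = HashMap::new();
    for part in value.split(',') {
        let (k, v) = part.trim().split_once('=').ok_or("malformed parameter")?;
        let v = v.strip_prefix('"').and_then(|s| s.strip_suffix('"')).ok_or("unquoted value")?;
        if map.insert(k.to_string(), v.to_string()).is_some() {
            return Err(format!("duplicate parameter {k}")); // ambiguous input: reject
        }
    }
    let get = |k: &str| map.get(k).cloned().ok_or(format!("missing {k}"));
    Ok(SigParams {
        key_id: get("keyId")?,
        // Require an explicit header list instead of falling back to a default.
        headers: get("headers")?.split_whitespace().map(str::to_lowercase).collect(),
        signature: get("signature")?,
    })
}

// Rebuild the string the signature is computed over. `req` maps lowercase header
// names to values. Fails when the signature omits a header listed in `required`
// or names a header that is absent from the request.
pub fn signing_string(p: &SigParams, method: &str, path: &str,
                      req: &HashMap<&str, &str>, required: &[&str]) -> Result<String, String> {
    if let Some(r) = required.iter().find(|r| !p.headers.iter().any(|h| h.as_str() == **r)) {
        return Err(format!("signature does not cover {r}"));
    }
    let mut lines = Vec::new();
    for h in &p.headers {
        if h == "(request-target)" {
            lines.push(format!("(request-target): {} {}", method.to_lowercase(), path));
        } else {
            let v = req.get(h.as_str()).ok_or(format!("signed header {h} not in request"))?;
            lines.push(format!("{h}: {}", v.trim()));
        }
    }
    Ok(lines.join("\n"))
}

fn main() {
    // Constructed sample header and request; the signature value is a placeholder.
    let hdr = r#"keyId="node-1",headers="(request-target) host date",signature="c2lnbmF0dXJl""#;
    let p = parse_signature_header(hdr).unwrap();
    let req = HashMap::from([("host", "api.example.org"), ("date", "Sun, 21 Dec 2025 11:34:54 GMT")]);
    println!("{:?}", signing_string(&p, "POST", "/rpc", &req, &["(request-target)", "date"]));
}
```

The returned string and the decoded `signature` value are what a verifier would hand to the Ed25519 check, with `key_id` used to look up the public key.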
Owner

What is the use case for this?
despiegk added this to the later milestone 2025-12-21 20:41:00 +00:00
Reference
geomind_research/herolib_rust#7