NaCl-0.0.4.0: Easy-and-safe-to-use high-level Haskell bindings to NaCl
Safe HaskellNone
LanguageHaskell2010

NaCl.Sign

Description

Public-key signatures.

It is best to import this module qualified:

import qualified NaCl.Sign as Sign

signed = Sign.create sk message
verified = Sign.open pk signed

This is crypto_sign_* from NaCl.

Synopsis

Documentation

type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a Source #

Public key that can be used for verifyiing a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString.

toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes) Source #

Convert bytes to a public key.

type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a Source #

Secret key that can be used for creating a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes) Source #

Convert bytes to a secret key.

keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes) Source #

Generate a new SecretKey together with its PublicKey.

Note: this function is not thread-safe (since the underlying C function is not thread-safe both in Sodium and in NaCl)! Either make sure there are no concurrent calls or see Crypto.Init in crypto-sodium to learn how to make this function thread-safe.

create Source #

Arguments

:: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes) 
=> SecretKey skBytes

Signer’s secret key

-> ptBytes

Message to sign

-> ctBytes 

Sign a message.

signed = Sign.create sk message
  • sk is the signer’s secret key, used for authentication.

    This is generated using keypair and the public part of the key needs to be given to the verifying party in advance.

  • message is the data you are signing.

This function will copy the message to a new location and add a signature, so that open will refuce to verify it.

open Source #

Arguments

:: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes) 
=> PublicKey pkBytes

Signer’s public key

-> ctBytes

Signed message

-> Maybe ptBytes 

Verify a signature.

verified = Sign.open pk signed
  • pk is the signer’s public key.
  • signed is the output of create.

This function will return Nothing if the signature on the message is invalid.