| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Crypto.Sign
Contents
Description
Public-key signatures.
It is best to import this module qualified:
import qualified Crypto.Sign as Sign signed = Sign.createsk message verified = Sign.openpk signed
Functions in this modules work with combined signatures. This means that when you sign a message, it will be copied as is and then a signature will be prepended. So you should treat the resulting value as a transparent (because it is not encrypted) package with a signature attached on top.
Instead of accessing the message directly, you should use
open, which will verify the signature and return a copy of the
original message only if the signature was valid.
Synopsis
- type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a
- toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes)
- type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a
- toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes)
- keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes)
- keypairFromSeed :: ByteArrayAccess seed => Seed seed -> IO (PublicKey ByteString, SecretKey ScrubbedBytes)
- unsafeKeypairFromSeed :: ByteArrayAccess seed => Seed seed -> (PublicKey ByteString, SecretKey ScrubbedBytes)
- create :: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes) => SecretKey skBytes -> ptBytes -> ctBytes
- open :: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes) => PublicKey pkBytes -> ctBytes -> Maybe ptBytes
Keys
type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a #
Public key that can be used for verifyiing a signature.
This type is parametrised by the actual data type that contains
bytes. This can be, for example, a ByteString.
toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes) #
Convert bytes to a public key.
type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a #
Secret key that can be used for creating a signature.
This type is parametrised by the actual data type that contains
bytes. This can be, for example, a ByteString, but, since this
is a secret key, it is better to use ScrubbedBytes.
toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes) #
Convert bytes to a secret key.
keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes) #
Generate a new SecretKey together with its PublicKey.
Note: this function is not thread-safe (since the underlying
C function is not thread-safe both in Sodium and in NaCl)!
Either make sure there are no concurrent calls or see
Crypto.Init in
crypto-sodium
to learn how to make this function thread-safe.
keypairFromSeed :: ByteArrayAccess seed => Seed seed -> IO (PublicKey ByteString, SecretKey ScrubbedBytes) Source #
unsafeKeypairFromSeed :: ByteArrayAccess seed => Seed seed -> (PublicKey ByteString, SecretKey ScrubbedBytes) Source #
Signing/verifying
Arguments
| :: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes) | |
| => SecretKey skBytes | Signer’s secret key |
| -> ptBytes | Message to sign |
| -> ctBytes |
Sign a message.
signed = Sign.create sk message
skis the signer’s secret key, used for authentication.This is generated using
keypairand the public part of the key needs to be given to the verifying party in advance.messageis the data you are signing.
This function will copy the message to a new location
and add a signature, so that open will refuce to verify it.
Arguments
| :: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes) | |
| => PublicKey pkBytes | Signer’s public key |
| -> ctBytes | Signed message |
| -> Maybe ptBytes |
Verify a signature.
verified = Sign.open pk signed
pkis the signer’s public key.signedis the output ofcreate.
This function will return Nothing if the signature on the message
is invalid.