crypto-sodium-0.0.4.0: Easy-and-safe-to-use high-level cryptography based on Sodium
Safe HaskellNone
LanguageHaskell2010

Crypto.Sign

Description

Public-key signatures.

It is best to import this module qualified:

import qualified Crypto.Sign as Sign

signed = Sign.create sk message
verified = Sign.open pk signed

Functions in this modules work with combined signatures. This means that when you sign a message, it will be copied as is and then a signature will be prepended. So you should treat the resulting value as a transparent (because it is not encrypted) package with a signature attached on top.

Instead of accessing the message directly, you should use open, which will verify the signature and return a copy of the original message only if the signature was valid.

Synopsis

Keys

type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a #

Public key that can be used for verifyiing a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString.

toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes) #

Convert bytes to a public key.

type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a #

Secret key that can be used for creating a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes) #

Convert bytes to a secret key.

keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes) #

Generate a new SecretKey together with its PublicKey.

Note: this function is not thread-safe (since the underlying C function is not thread-safe both in Sodium and in NaCl)! Either make sure there are no concurrent calls or see Crypto.Init in crypto-sodium to learn how to make this function thread-safe.

keypairFromSeed :: ByteArrayAccess seed => Seed seed -> IO (PublicKey ByteString, SecretKey ScrubbedBytes) Source #

Generate a new SecretKey together with its PublicKey from a given seed.

unsafeKeypairFromSeed :: ByteArrayAccess seed => Seed seed -> (PublicKey ByteString, SecretKey ScrubbedBytes) Source #

Generate a new SecretKey together with its PublicKey from a given seed, in a pure context.

Signing/verifying

create #

Arguments

:: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes) 
=> SecretKey skBytes

Signer’s secret key

-> ptBytes

Message to sign

-> ctBytes 

Sign a message.

signed = Sign.create sk message
  • sk is the signer’s secret key, used for authentication.

    This is generated using keypair and the public part of the key needs to be given to the verifying party in advance.

  • message is the data you are signing.

This function will copy the message to a new location and add a signature, so that open will refuce to verify it.

open #

Arguments

:: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes) 
=> PublicKey pkBytes

Signer’s public key

-> ctBytes

Signed message

-> Maybe ptBytes 

Verify a signature.

verified = Sign.open pk signed
  • pk is the signer’s public key.
  • signed is the output of create.

This function will return Nothing if the signature on the message is invalid.