Skip to content

Implementation of the IETF draft 'Signing HTTP Messages'

License

Unknown, MIT licenses found

Licenses found

Unknown
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

codebase-labs/http-signatures

 
 

Repository files navigation

http-sig

Implementation of the IETF draft HTTP Message Signatures.

This crate is maintained by the developers at PassFort Limited.

To Do

This version is a partial impementation of HTTP Message Signatures. The following is not supported:

  • Response signing
  • Processing Accept-Signature
  • @request-response specialty component

Documentation

https://docs.rs/http-sig

Features

This crate is intended to be used with multiple different HTTP clients and/or servers. As such, client/server-specific implementations are gated by correspondingly named features.

Supported crates:

Crate / Feature name Client/Server Notes
reqwest Client Supports blocking and non-blocking requests.1
rouille Server
  1. Due to limitations of the reqwest API, digests cannot be calculated automatically for non-blocking, streaming requests. For these requests, the user must add the digest manually before signing the request, or else the Digest header will not be included in the signature. Automatic digests for streaming requests are supported via the blocking API.

Supported signature algorithms:

Algorithm registry: https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-09.html#name-initial-contents

  • hmac-sha256
  • rsa-pss-sha512
  • rsa-v1_5-sha256
  • ecdsa-p256-sha256

Supported digest algorithms:

Digest registry: https://www.iana.org/assignments/http-dig-alg/http-dig-alg.xhtml

  • SHA-256
  • SHA-512

License

Licensed under either of

Contributing

Thanks for your interest in http-sig.

The best way to contribute is to open issues for bugs or missing features. Bug reports should contain as much information as possible and contain steps to reproduce. We are particularly interested in any bugs which may impact security.

Pull requests are also accepted. However, this crate is maintained primarily for internal use at PassFort Limited, and pull requests which do not align with our current priorities may not be reviewed promptly. To avoid wasted effort on large features, we strongly recommend opening an issue first to discuss the potential changes.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

Implementation of the IETF draft 'Signing HTTP Messages'

Resources

License

Unknown, MIT licenses found

Licenses found

Unknown
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 100.0%