Downify is a small Rust library for downloading, signing, and verifying files. It's intended to be used as part of an application's update mechanism.
The library uses reqwest to download a file from a URL and hashes it with blake2-rfc. Sodiumoxide is then used to verify the file's signed hash before returning a VerifiedFile handle.
Sodiumoxide's keys and signatures are encoded with base64's URLSAFENO_PAD for storage/transfer. - Public keys are prepended with "DYP1" - Secret keys are prepended with "DYS1" - Signatures are prepended with "DYG1"
A command-line interface to the library, with options based on OpenBSD's Signify, is included.
``` extern crate downify;
// Generate a keypair let (publickey, secretkey) = downify::gen_keypair();
// Sign a file let signature = downify::sign("/source/path", &secret_key);
// Verify a local file let filehandle = downify::verifyopen("/source/path", &signature, &public_key).unwrap();
// Verify a remote file let filehandle = verifyget("https://www.example.com/", "/destination/path", &signature, &public_key).unwrap(); ```