Build Status

Hi and welcome on the git page of my crate "edcert".

Edcert is a simple library for certification and authentication of data.

How it works

  1. You create a master keypair. This will be used to sign the highest certificate.
  2. You create a root certificate. Sign this with the master key.
  3. You can now create other certificates and use certificates to sign each other.
  4. Transmit your certificates in a json-encoded format over the network.
  5. Sign and verify data with the certificates using the ".sign" and ".verify" methods.

The design uses the "super-secure, super-fast" elliptic curve [Ed25519], which you can learn more about here

For cryptography it uses the [sodiumoxide] library, which is based on [NaCl], the well known cryptography libraray by Dan Bernstein et al.

Example

```rust use chrono::Timelike; use chrono::UTC; use time::Duration; use meta::Meta; use certificate::Certificate; use validator::Validatable; use validator::Validator; use rootvalidator::RootValidator; use trustvalidator::TrustValidator; use revoker::NoRevoker;

// create random master key let (mpk, msk) = ed25519::generate_keypair();

// create random certificate let meta = Meta::newempty(); let expires = UTC::now() .checkedadd(Duration::days(90)) .expect("Failed to add 90 days to expiration date.") .withnanosecond(0) .unwrap(); let mut cert = Certificate::generaterandom(meta, expires);

// sign certificate with master key cert.signwithmaster(&msk);

// we can use a RootValidator, which analyzes the trust chain. // in this case, the top-most certificate must be signed with the right private key for mpk. let cv = RootValidator::new(&mpk, NoRevoker);

// now we use the CV to validate certificates asserteq!(true, cv.isvalid(&cert).is_ok());

// we could also use a TrustValidator. It's like RootValidator, but you can also give trusted // certificates. If the chain contains one of these, the upper certificates aren't checked // with the master public key. We can give any 32 byte key here, it doesn't matter. let mut tcv = TrustValidator::new(&[0; 32], NoRevoker); tcv.addtrustedcertificates(vec![cert.get_id()]);

// even though we gave a wrong master key, this certificate is valid, because it is trusted. asserteq!(true, tcv.isvalid(&cert).is_ok());

// now we sign data with it let data = [1; 42];

// and sign the data with the certificate let signature = cert.sign(&data) .expect("This fails, if no private key is known to the certificate.");

// the signature must be valid assert_eq!(true, cert.verify(&data, &signature)); ```

License

MIT

That means you can use this code in open source projects and/or commercial projects without any problems. Please read the license file "LICENSE" for details