Safe Haskell	None
Language	GHC2021

Network.LibP2P.Crypto.SignedEnvelope

Description

Signed Envelopes (RFC 0002) for domain-separated signed payloads.

A signed envelope wraps a payload with: - Public key of the signer - Domain string (prevents cross-protocol signature reuse) - Payload type (multicodec) - Payload bytes - Signature over domain-separated content

Signing content (RFC 0002): [varint(len(domain))][domain][varint(len(payload_type))][payload_type][varint(len(payload))][payload] Wire format (protobuf): field 1: public_key (bytes, protobuf-encoded PublicKey) field 2: payload_type (bytes, multicodec) field 3: payload (bytes) field 5: signature (bytes)

Synopsis

data SignedEnvelope = SignedEnvelope {
- sePublicKey :: !PublicKey
- seDomain :: !ByteString
- sePayloadType :: !ByteString
- sePayload :: !ByteString
- seSignature :: !ByteString
}
createEnvelope :: PrivateKey -> PublicKey -> ByteString -> ByteString -> ByteString -> Either String SignedEnvelope
verifyEnvelope :: SignedEnvelope -> ByteString -> Bool
encodeSignedEnvelope :: SignedEnvelope -> ByteString
decodeSignedEnvelope :: ByteString -> Either String SignedEnvelope
buildSigningContent :: ByteString -> ByteString -> ByteString -> ByteString

Documentation

data SignedEnvelope Source #

A signed envelope containing a domain-separated signed payload.

Constructors

SignedEnvelope
Fields sePublicKey :: !PublicKey Signer's public key seDomain :: !ByteString Domain separation string sePayloadType :: !ByteString Payload type (multicodec bytes) sePayload :: !ByteString Payload bytes seSignature :: !ByteString Ed25519 signature

Instances

Instances details

Show SignedEnvelope Source #
Instance details Defined in Network.LibP2P.Crypto.SignedEnvelope Methods showsPrec :: Int -> SignedEnvelope -> ShowS # show :: SignedEnvelope -> String # showList :: [SignedEnvelope] -> ShowS #
Eq SignedEnvelope Source #
Instance details Defined in Network.LibP2P.Crypto.SignedEnvelope Methods (==) :: SignedEnvelope -> SignedEnvelope -> Bool # (/=) :: SignedEnvelope -> SignedEnvelope -> Bool #

createEnvelope :: PrivateKey -> PublicKey -> ByteString -> ByteString -> ByteString -> Either String SignedEnvelope Source #

Create a signed envelope.

verifyEnvelope :: SignedEnvelope -> ByteString -> Bool Source #

Verify a signed envelope against an expected domain. Reconstructs the signing content and verifies the signature.

encodeSignedEnvelope :: SignedEnvelope -> ByteString Source #

Encode a signed envelope to protobuf wire format. Note: domain is NOT included in the wire format (it's implicit from protocol context). Fields: 1=public_key, 2=payload_type, 3=payload, 5=signature

decodeSignedEnvelope :: ByteString -> Either String SignedEnvelope Source #

Decode a signed envelope from protobuf wire format. Note: domain is NOT in the wire format — caller must know it.

buildSigningContent :: ByteString -> ByteString -> ByteString -> ByteString Source #

Build the content that gets signed (RFC 0002). Format: [varint(len(domain))][domain][varint(len(payload_type))][payload_type][varint(len(payload))][payload] Each field is independently varint-length-prefixed.