GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → go-fed → httpsig

go-fed / httpsig

Licence: BSD-3-Clause license
Golang implementation of the HTTP Signatures RFC draft, with SSH support!

Programming Languages

go
31211 projects - #10 most used programming language

Labels

sshhttpsigningsignatureshttp-signaturehttpsighttp-signatures

Projects that are alternatives of or similar to httpsig

Kryptor
A simple, modern, and secure encryption and signing tool that aims to be a better version of age and Minisign.
Stars: ✭ 267 (+360.34%)
Mutual labels:  signing, signatures
Keybase Gpg Github
Step-by-step guide on how to create a GPG key on keybase.io, adding it to a local GPG setup and using it with Git and GitHub.
Stars: ✭ 2,506 (+4220.69%)
Mutual labels:  signing
neuralRDEs
Code for: "Neural Rough Differential Equations for Long Time Series", (ICML 2021)
Stars: ✭ 102 (+75.86%)
Mutual labels:  signatures
requests-http-signature
A Requests auth module for the IETF HTTP Message Signatures draft standard
Stars: ✭ 63 (+8.62%)
Mutual labels:  http-signature
bitski-ios
Bitski iOS SDK
Stars: ✭ 18 (-68.97%)
Mutual labels:  signing
keygaen
Sign, verify, encrypt and decrypt data with PGP in your browser.
Stars: ✭ 78 (+34.48%)
Mutual labels:  signatures
fa
Automation tool for locating symbols & structs in binary (primary IDA focused)
Stars: ✭ 58 (+0%)
Mutual labels:  signatures
rust-minisign
A pure Rust implementation of the Minisign signature tool.
Stars: ✭ 76 (+31.03%)
Mutual labels:  signatures
cryptopocket
🔐 Encrypt anything, then Decrypt by providing a required key.
Stars: ✭ 22 (-62.07%)
Mutual labels:  signing
yara-parser
Tools for parsing rulesets using the exact grammar as YARA. Written in Go.
Stars: ✭ 69 (+18.97%)
Mutual labels:  signatures
4bytes
List of 4byte identifiers for EVM smart contract functions
Stars: ✭ 326 (+462.07%)
Mutual labels:  signatures
Function-Parameters
Function::Parameters - define functions and methods with parameter lists ("subroutine signatures")
Stars: ✭ 19 (-67.24%)
Mutual labels:  signatures
HTTPSignatures
A Burp Suite extension implementing the Signing HTTP Messages draft-ietf-httpbis-message-signatures-01 draft.
Stars: ✭ 38 (-34.48%)
Mutual labels:  signatures
java-http-signature
Library for performing RSA signed HTTP requests in Java
Stars: ✭ 15 (-74.14%)
Mutual labels:  http-signature
minter-go-sdk
Minter Blockchain Golang SDK, 💳 wallet, 🧾 transactions, gRPC and HTTP clients 🌐 https://t.me/MinterGoSDK
Stars: ✭ 12 (-79.31%)
Mutual labels:  signatures
Apkmod
Apkmod can decompile, recompile, sign APK, and bind the payload with any legit APP
Stars: ✭ 235 (+305.17%)
Mutual labels:  signing
AutomatedOutlookSignature
PowerShell script to automate the creation of Outlook signatures using Active Directory attributes.
Stars: ✭ 36 (-37.93%)
Mutual labels:  signatures
nativescript-drawingpad
📝 NativeScript plugin to provide a way to capture any drawing (signatures are a common use case) from the device
Stars: ✭ 89 (+53.45%)
Mutual labels:  signatures
cryptouri.rs
Rust implementation of CryptoURI: URN-like namespace for cryptographic objects with Bech32-based encoding
Stars: ✭ 33 (-43.1%)
Mutual labels:  signatures
ripple-binary-codec
Convert between json and hex representations of transactions and ledger entries on the XRP Ledger. Moved to: https://github.com/XRPLF/xrpl.js/tree/develop/packages/ripple-binary-codec
Stars: ✭ 18 (-68.97%)
Mutual labels:  signing
View All Similar Projects ➔

httpsig

HTTP Signatures made simple

Build Status Go Reference Go Report Card License Chat OpenCollective

go get github.com/go-fed/httpsig

Implementation of HTTP Signatures.

Supports many different combinations of MAC, HMAC signing of hash, or RSA signing of hash schemes. Its goals are:

  • Have a very simple interface for signing and validating
  • Support a variety of signing algorithms and combinations
  • Support setting either headers (Authorization or Signature)
  • Remaining flexible with headers included in the signing string
  • Support both HTTP requests and responses
  • Explicitly not support known-cryptographically weak algorithms
  • Support automatic signing and validating Digest headers

How to use

import "github.com/go-fed/httpsig"

Signing

Signing a request or response requires creating a new Signer and using it:

func sign(privateKey crypto.PrivateKey, pubKeyId string, r *http.Request) error {
	prefs := []httpsig.Algorithm{httpsig.RSA_SHA512, httpsig.RSA_SHA256}
	digestAlgorithm := DigestSha256
	// The "Date" and "Digest" headers must already be set on r, as well as r.URL.
	headersToSign := []string{httpsig.RequestTarget, "date", "digest"}
	signer, chosenAlgo, err := httpsig.NewSigner(prefs, digestAlgorithm, headersToSign, httpsig.Signature)
	if err != nil {
		return err
	}
	// To sign the digest, we need to give the signer a copy of the body...
	// ...but it is optional, no digest will be signed if given "nil"
	body := ...
	// If r were a http.ResponseWriter, call SignResponse instead.
	return signer.SignRequest(privateKey, pubKeyId, r, body)
}

Signers are not safe for concurrent use by goroutines, so be sure to guard access:

type server struct {
	signer httpsig.Signer
	mu *sync.Mutex
}

func (s *server) handlerFunc(w http.ResponseWriter, r *http.Request) {
	privateKey := ...
	pubKeyId := ...
	// Set headers and such on w
	s.mu.Lock()
	defer s.mu.Unlock()
	// To sign the digest, we need to give the signer a copy of the response body...
	// ...but it is optional, no digest will be signed if given "nil"
	body := ...
	err := s.signer.SignResponse(privateKey, pubKeyId, w, body)
	if err != nil {
		...
	}
	...
}

The pubKeyId will be used at verification time.

Verifying

Verifying requires an application to use the pubKeyId to both retrieve the key needed for verification as well as determine the algorithm to use. Use a Verifier:

func verify(r *http.Request) error {
	verifier, err := httpsig.NewVerifier(r)
	if err != nil {
		return err
	}
	pubKeyId := verifier.KeyId()
	var algo httpsig.Algorithm = ...
	var pubKey crypto.PublicKey = ...
	// The verifier will verify the Digest in addition to the HTTP signature
	return verifier.Verify(pubKey, algo)
}

Verifiers are not safe for concurrent use by goroutines, but since they are constructed on a per-request or per-response basis it should not be a common restriction.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].