Trait ed25519_dalek::DigestSigner
source · pub trait DigestSigner<D, S>where
D: Digest,{
// Required method
fn try_sign_digest(&self, digest: D) -> Result<S, Error>;
// Provided method
fn sign_digest(&self, digest: D) -> S { ... }
}
digest
only.Expand description
Sign the given prehashed message Digest
using Self
.
§Notes
This trait is primarily intended for signature algorithms based on the Fiat-Shamir heuristic, a method for converting an interactive challenge/response-based proof-of-knowledge protocol into an offline digital signature through the use of a random oracle, i.e. a digest function.
The security of such protocols critically rests upon the inability of an attacker to solve for the output of the random oracle, as generally otherwise such signature algorithms are a system of linear equations and therefore doing so would allow the attacker to trivially forge signatures.
To prevent misuse which would potentially allow this to be possible, this
API accepts a Digest
instance, rather than a raw digest value.
Required Methods§
sourcefn try_sign_digest(&self, digest: D) -> Result<S, Error>
fn try_sign_digest(&self, digest: D) -> Result<S, Error>
Attempt to sign the given prehashed message Digest
, returning a
digital signature on success, or an error if something went wrong.
Provided Methods§
sourcefn sign_digest(&self, digest: D) -> S
fn sign_digest(&self, digest: D) -> S
Sign the given prehashed message Digest
, returning a signature.
Panics in the event of a signing error.
Implementors§
impl<D> DigestSigner<D, Signature> for Context<'_, '_, SigningKey>
Equivalent to SigningKey::sign_prehashed
with context
set to Some
containing self.value()
.
§Note
The RFC only permits SHA-512 to be used for prehashing. This function technically works, and is
probably safe to use, with any secure hash function with 512-bit digests, but anything outside
of SHA-512 is NOT specification-compliant. We expose crate::Sha512
for user convenience.
impl<D> DigestSigner<D, Signature> for SigningKey
Equivalent to SigningKey::sign_prehashed
with context
set to None
.
§Note
The RFC only permits SHA-512 to be used for prehashing. This function technically works, and is
probably safe to use, with any secure hash function with 512-bit digests, but anything outside
of SHA-512 is NOT specification-compliant. We expose crate::Sha512
for user convenience.