Safe Haskell	None
Language	Haskell2010

NaCl.Sign

Description

Public-key signatures.

It is best to import this module qualified:

import qualified NaCl.Sign as Sign

signed = Sign.create sk message
verified = Sign.open pk signed

This is crypto_sign_* from NaCl.

Synopsis

type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a
toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes)
type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a
toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes)
keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes)
create :: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes) => SecretKey skBytes -> ptBytes -> ctBytes
open :: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes) => PublicKey pkBytes -> ctBytes -> Maybe ptBytes

Documentation

type PublicKey a = SizedByteArray CRYPTO_SIGN_PUBLICKEYBYTES a Source #

Public key that can be used for verifyiing a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString.

toPublicKey :: ByteArrayAccess bytes => bytes -> Maybe (PublicKey bytes) Source #

Convert bytes to a public key.

type SecretKey a = SizedByteArray CRYPTO_SIGN_SECRETKEYBYTES a Source #

Secret key that can be used for creating a signature.

This type is parametrised by the actual data type that contains bytes. This can be, for example, a ByteString, but, since this is a secret key, it is better to use ScrubbedBytes.

toSecretKey :: ByteArrayAccess bytes => bytes -> Maybe (SecretKey bytes) Source #

Convert bytes to a secret key.

keypair :: IO (PublicKey ByteString, SecretKey ScrubbedBytes) Source #

Generate a new SecretKey together with its PublicKey.

Note: this function is not thread-safe (since the underlying C function is not thread-safe both in Sodium and in NaCl)! Either make sure there are no concurrent calls or see Crypto.Sodium.Init in crypto-sodium to learn how to make this function thread-safe.

create Source #

Arguments

:: (ByteArrayAccess skBytes, ByteArrayAccess ptBytes, ByteArray ctBytes)
=> SecretKey skBytes	Signer’s secret key
-> ptBytes	Message to sign
-> ctBytes

Sign a message.

signed = Sign.create sk message

sk is the signer’s secret key, used for authentication.
This is generated using keypair and the public part of the key needs to be given to the verifying party in advance.
message is the data you are signing.

This function will copy the message to a new location and add a signature, so that open will refuce to verify it.

open Source #

Arguments

:: (ByteArrayAccess pkBytes, ByteArray ptBytes, ByteArrayAccess ctBytes)
=> PublicKey pkBytes	Signer’s public key
-> ctBytes	Signed message
-> Maybe ptBytes

Verify a signature.

verified = Sign.open pk signed

pk is the signer’s public key.
signed is the output of create.

This function will return Nothing if the signature on the message is invalid.