Pure Rust multi-provider digital signature library with support for elliptic curve digital signature algorithms, namely ECDSA (described in FIPS 186‑4) and Ed25519 (described in RFC 8032).
Signatory provides a thread-safe and object-safe API and implements providers for many popular Rust crates, including ed25519‑dalek, ring, secp256k1, and sodiumoxide.
Signatory exposes a thread-and-object-safe API for creating digital signatures which allows several signature providers to be compiled-in and available with specific providers selected at runtime.
All Signatory providers require Rust 1.37
Signatory includes the following providers, which are each packaged into their own respective crates (except for the yubihsm provider, which is included directly in the yubihsm crate).
Provider Crate | Backend Crate | Type | P‑256 | P‑384 | secp256k1 |
---|---|---|---|---|---|
signatory‑ring | ring | Soft | ✅ | ✅ | ⛔ |
signatory‑secp256k1 | secp256k1 | Soft | ⛔ | ⛔ | ✅ |
yubihsm | yubihsm | Hard | ✅ | ✅ | ✅ |
Provider Crate | Backend Crate | Type | Signing | Verification |
---|---|---|---|---|
signatory‑dalek | ed25519‑dalek | Soft | 51 k/s | 18 k/s |
signatory‑ring | ring | Soft | 47 k/s | 16 k/s |
signatory‑sodiumoxide | sodiumoxide | Soft | 38 k/s | 15 k/s |
yubihsm | yubihsm | Hard | ~8/s | N/A |
Provider Crate | Backend Crate | Type | Signing | Verification |
---|---|---|---|---|
signatory‑ledger-tm | ledger-tendermint | Hard | N/A | N/A |
Above benchmarks performed using cargo bench
on an Intel Xeon E3-1225 v5 @ 3.30GHz.
Signatory is distributed under the terms of either the MIT license or the Apache License (Version 2.0), at your option.
See LICENSE-APACHE and LICENSE-MIT for details.