jsonwebtoken/crypto/
eddsa.rs

1use ring::signature;
2
3use crate::algorithms::Algorithm;
4use crate::errors::Result;
5use crate::serialization::b64_encode;
6
7/// Only used internally when signing or validating EdDSA, to map from our enum to the Ring EdDSAParameters structs.
8pub(crate) fn alg_to_ec_verification(alg: Algorithm) -> &'static signature::EdDSAParameters {
9    // To support additional key subtypes, like Ed448, we would need to match on the JWK's ("crv")
10    // parameter.
11    match alg {
12        Algorithm::EdDSA => &signature::ED25519,
13        _ => unreachable!("Tried to get EdDSA alg for a non-EdDSA algorithm"),
14    }
15}
16
17/// The actual EdDSA signing + encoding
18/// The key needs to be in PKCS8 format
19pub fn sign(key: &[u8], message: &[u8]) -> Result<String> {
20    let signing_key = signature::Ed25519KeyPair::from_pkcs8_maybe_unchecked(key)?;
21    let out = signing_key.sign(message);
22    Ok(b64_encode(out))
23}