Added basic public-key cryptography example.
This commit is contained in:
parent
29498c4d89
commit
824eef95ae
|
@ -28,3 +28,4 @@ tiny-keccak = "1.4"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
bincode = "1.0.0"
|
bincode = "1.0.0"
|
||||||
|
serde_derive = "1.0.55"
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
# Examples
|
# Examples
|
||||||
|
|
||||||
|
- [`Public-Key Cryptography`](basic_pkc.rs) - Demonstrates how to generate a
|
||||||
|
random secret-key and corresponding public-key, sign some bytes using a
|
||||||
|
secret-key, validate the signature for some bytes using a public-key, encrypt
|
||||||
|
some bytes using a public-key, and how to decrypt a ciphertext using a
|
||||||
|
secret-key.
|
||||||
|
|
||||||
- [`Threshold Encryption`](threshold_enc.rs) - Demonstrates how to encrypt a
|
- [`Threshold Encryption`](threshold_enc.rs) - Demonstrates how to encrypt a
|
||||||
message to a group of actors with a master public-key, where the number of
|
message to a group of actors with a master public-key, where the number of
|
||||||
actors collaborating in the decryption process must exceed a given threshold
|
actors collaborating in the decryption process must exceed a given threshold
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
extern crate bincode;
|
||||||
|
#[macro_use]
|
||||||
|
extern crate serde_derive;
|
||||||
|
extern crate threshold_crypto;
|
||||||
|
|
||||||
|
use bincode::{deserialize, serialize};
|
||||||
|
use threshold_crypto::{PublicKey, SecretKey, Signature};
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize)]
|
||||||
|
struct SignedMsg {
|
||||||
|
msg: Vec<u8>,
|
||||||
|
sig: Signature,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
struct KeyPair {
|
||||||
|
sk: SecretKey,
|
||||||
|
pk: PublicKey,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl KeyPair {
|
||||||
|
fn random() -> Self {
|
||||||
|
let sk = SecretKey::random();
|
||||||
|
let pk = sk.public_key();
|
||||||
|
KeyPair { sk, pk }
|
||||||
|
}
|
||||||
|
|
||||||
|
fn create_signed_msg(&self, msg: &[u8]) -> SignedMsg {
|
||||||
|
let sig = self.sk.sign(msg);
|
||||||
|
let msg = msg.to_vec();
|
||||||
|
SignedMsg { msg, sig }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn main() {
|
||||||
|
// Alice and Bob each generate a public/private key-pair.
|
||||||
|
//
|
||||||
|
// Note: it is against best practices to use the same key-pair for both encryption/decryption
|
||||||
|
// and signing. The following example could be interpreted as advocating this, which it is not
|
||||||
|
// meant to. This is just a basic example. In this example, Bob's key-pair is used for signing
|
||||||
|
// where as Alice's is used for encryption/decryption.
|
||||||
|
let alice = KeyPair::random();
|
||||||
|
let bob = KeyPair::random();
|
||||||
|
|
||||||
|
// Bob wants to send Alice a message. He signs the plaintext message with his secret key. He
|
||||||
|
// then encrypts the signed message with Alice's public key.
|
||||||
|
let msg = b"let's get pizza";
|
||||||
|
let signed_msg = bob.create_signed_msg(msg);
|
||||||
|
let serialized = serialize(&signed_msg).expect("Failed to serialize `SignedMsg`");
|
||||||
|
let ciphertext = alice.pk.encrypt(&serialized);
|
||||||
|
|
||||||
|
// Alice receives Bob's encrypted message. She decrypts the message using her secret key. She
|
||||||
|
// then verifies that the signature of the plaintext is valid using Bob's public key.
|
||||||
|
let decrypted = alice.sk.decrypt(&ciphertext).expect("Invalid ciphertext");
|
||||||
|
let deserialized: SignedMsg =
|
||||||
|
deserialize(&decrypted).expect("Failed to deserialize bytes to `SignedMsg`");
|
||||||
|
assert!(bob.pk.verify(&deserialized.sig, &deserialized.msg));
|
||||||
|
|
||||||
|
// We assert that the message that Alice received is the same message that Bob sent.
|
||||||
|
assert_eq!(msg, &deserialized.msg[..]);
|
||||||
|
}
|
Loading…
Reference in New Issue