Pure Rust multi-provider digital signature library with support for elliptic curve digital signature algorithms, namely ECDSA (described in FIPS 186‑4) and Ed25519 (described in RFC 8032).
Signatory provides a thread-safe and object-safe API and implements providers for many popular Rust crates, including ed25519‑dalek, ring, secp256k1, and sodiumoxide.
About
Signatory exposes a thread-and-object-safe API for creating digital signatures which allows several signature providers to be compiled-in and available with specific providers selected at runtime.
Requirements
All Signatory providers require Rust 1.37+
Provider Support
Signatory includes the following providers, which are each packaged into their own respective crates (except for the yubihsm provider, which is included directly in the yubihsm crate).
ECDSA providers
| Provider Crate | Backend Crate | Type | P‑256 | P‑384 | secp256k1 |
|---|---|---|---|---|---|
| signatory‑ring | ring | Soft | |||
| signatory‑secp256k1 | secp256k1 | Soft | |||
| yubihsm | yubihsm | Hard |
Ed25519 providers
| Provider Crate | Backend Crate | Type | Signing | Verification |
|---|---|---|---|---|
| signatory‑dalek | ed25519‑dalek | Soft | 51 k/s | 18 k/s |
| signatory‑ring | ring | Soft | 47 k/s | 16 k/s |
| signatory‑sodiumoxide | sodiumoxide | Soft | 38 k/s | 15 k/s |
| yubihsm | yubihsm | Hard | ~8/s | N/A |
Tendermint only providers (amino encoded consensus votes)
| Provider Crate | Backend Crate | Type | Signing | Verification |
|---|---|---|---|---|
| signatory‑ledger-tm | ledger-tendermint | Hard | N/A | N/A |
Above benchmarks performed using cargo bench on an Intel Xeon E3-1225 v5 @ 3.30GHz.
License
Signatory is distributed under the terms of either the MIT license or the Apache License (Version 2.0), at your option.
See LICENSE-APACHE and LICENSE-MIT for details.