View Source HTTP Message Signatures

Implements HTTP Message Signatures

EEF Security WG project Main Branch Module Version Total Download License Last Updated Coverage Status

Usage

Sign Request / Response

Request = #{
  method => get,
  url => <<"https://example.com/path?queryString">>,
  headers => [{"content-type", "text/plain"}]
},

SignedRequest = http_message_signatures:sign(
  Request,
  #{
    components => [method, path, <<"content-type">>],
    key => <<"sig1">>,
    signer => fun(Data) ->
      execute_signature(Data)
    end
  }
).

Verify Request / Response

SignedRequest = #{
  %% Get the signed request from somewhere
},

{ok, #{<<"sig1">> := Parameters} = http_message_signatures:verify(
  SignedRequest,
  #{
    verifier => fun(Data, Signature, SignatureParameters) ->
      case execute_signature_verification(Data) of
        true -> ok;
        false -> {error, invalid_signature}
      end
    end
  }
).