Pure Rust multi-provider digital signature library with support for elliptic curve digital signature algorithms, namely ECDSA (described in FIPS 186‑4) and Ed25519 (described in RFC 8032).

Signatory provides a thread-safe and object-safe API and implements providers for many popular Rust crates, including ed25519‑dalek, ring, secp256k1, and sodiumoxide.

Documentation

About

Signatory exposes a thread-and-object-safe API for creating digital signatures which allows several signature providers to be compiled-in and available with specific providers selected at runtime.

Requirements

All Signatory providers require Rust 1.37+

Provider Support

Signatory includes the following providers, which are each packaged into their own respective crates (except for the yubihsm provider, which is included directly in the yubihsm crate).

ECDSA providers

| Provider Crate | Backend Crate | Type | P‑256 | P‑384 | secp256k1 | | --------------------- | -------------- | ---- | ------ | ------ | ---------- | | signatory‑ring | ring | Soft | ✅ | ✅ | ⛔ | | signatory‑secp256k1 | secp256k1 | Soft | ⛔ | ⛔ | ✅ | | yubihsm | yubihsm | Hard | ✅ | ✅ | ✅ |

Ed25519 providers

| Provider Crate | Backend Crate | Type | Signing | Verification | | ----------------------- | --------------- | ---- | ------- | ------------ | | signatory‑dalek | ed25519‑dalek | Soft | 51 k/s | 18 k/s | | signatory‑ring | ring | Soft | 47 k/s | 16 k/s | | signatory‑sodiumoxide | sodiumoxide | Soft | 38 k/s | 15 k/s | | yubihsm | yubihsm | Hard | ~8/s | N/A |

Tendermint only providers (amino encoded consensus votes)

| Provider Crate | Backend Crate | Type | Signing | Verification | | --------------------- | --------------- | ---- | ------- | ------------ | | signatory‑ledger-tm | ledger-tendermint | Hard | N/A | N/A |

Above benchmarks performed using

cargo bench

License

Signatory is distributed under the terms of either the MIT license or the Apache License (Version 2.0), at your option.

See LICENSE-APACHE and LICENSE-MIT for details.