Crate ndn_security 

ndn-security – Packet signing, verification, and trust management

Provides cryptographic primitives and trust-policy enforcement for NDN packets. Signers produce signatures; verifiers check them; the validator chains verification with a TrustSchema to decide whether data is trustworthy. Only validated data is wrapped in SafeData, giving the compiler a way to enforce that unverified packets are never forwarded.

Key types

• Signer / Verifier – signing and verification traits
• Ed25519Signer, Ed25519Verifier, HmacSha256Signer – concrete impls
• Validator – chains verification + trust schema lookup
• TrustSchema – name-pattern rules for trust decisions
• SafeData – newtype proving a Data packet has been validated
• CertCache, KeyStore – certificate and key storage
• SecurityManager – high-level facade combining the above

Re-exports

pub use cert_cache::CertCache;

pub use cert_cache::Certificate;

pub use cert_fetcher::CertFetcher;

pub use cert_fetcher::FetchFn;

pub use error::TrustError;

pub use key_store::KeyAlgorithm;

pub use key_store::KeyStore;

pub use key_store::MemKeyStore;

pub use keychain::KeyChain;

pub use lvs::LvsError;

pub use lvs::LvsModel;

pub use manager::SecurityManager;

pub use pib::FilePib;

pub use pib::PibError;

pub use profile::SecurityProfile;

pub use safe_data::SafeData;

pub use sign_ext::SignWith;

pub use signer::Blake3KeyedSigner;

pub use signer::Blake3Signer;

pub use signer::Ed25519Signer;

pub use signer::HmacSha256Signer;

pub use signer::SIGNATURE_TYPE_DIGEST_BLAKE3_KEYED;

pub use signer::SIGNATURE_TYPE_DIGEST_BLAKE3_PLAIN;

pub use signer::Signer;

pub use trust_schema::NamePattern;

pub use trust_schema::PatternComponent;

pub use trust_schema::PatternParseError;

pub use trust_schema::SchemaRule;

pub use trust_schema::TrustSchema;

pub use validator::ValidationResult;

pub use validator::Validator;

pub use verifier::Blake3DigestVerifier;

pub use verifier::Blake3KeyedVerifier;

pub use verifier::Ed25519Verifier;

pub use verifier::Verifier;

pub use verifier::VerifyOutcome;

pub use verifier::ed25519_verify_batch;

pub use zone::ZoneKey;

pub use zone::verify_zone_root;

pub use zone::zone_root_from_pubkey;

pub use zone::zone_root_to_did;

pub use did::DereferencedResource;

pub use did::DidController;

pub use did::DidDocument;

pub use did::DidDocumentMetadata;

pub use did::DidError;

pub use did::DidResolutionResult;

pub use did::DidResolver;

pub use did::DidUrl;

pub use did::KeyDidResolver;

pub use did::NdnDidResolver;

pub use did::Service;

pub use did::ServiceEndpoint;

pub use did::UniversalResolver;

pub use did::VerificationMethod;

pub use did::VerificationRef;

pub use did::build_zone_did_document;

pub use did::build_zone_succession_document;

pub use did::cert_to_did_document;

pub use did::deref_did_url;

pub use did::did_to_name;

pub use did::name_to_did;

Modules

cert_cache

cert_fetcher

Asynchronous certificate fetcher for NDN trust chain resolution.

did

NDN DID method — encode NDN names as W3C Decentralized Identifiers and resolve DID Documents over the NDN network or via bridged methods.

error

file_tpm

File-backed TPM (private-key store), wire-compatible with ndn-cxx’s tpm-file backend (path B + Ed25519 superset).

key_store

keychain

KeyChain — the primary security API for NDN applications.

lvs

LightVerSec (LVS) binary trust schema parser and evaluator.

manager

pib

profile

safe_bag

SafeBag — ndn-cxx interop wrapper for transferring an identity (a certificate plus its password-encrypted private key) between machines.

safe_data

sign_ext

SignWith — extension trait for ergonomic packet signing with a Signer.

signer

sqlite_pib

SQLite-backed Public Info Base (PIB), wire-compatible with ndn-cxx’s pib-sqlite3 backend.

trust_schema

validator

verifier

zone

Self-certifying namespace primitives for the Named Data Architecture (NDA).