An HTTP signature and digest header library for gleam's erlang target

Gleam 87%
Erlang 10.3%
Nix 2.7%

Find a file

emerald 76bb87d6fd docs: add more doc comments		2025-10-09 13:56:56 -04:00
.helix	rsa signatures	2025-10-05 15:50:02 -04:00
LICENSES	clean up for publishing	2025-10-06 14:13:27 -04:00
src	docs: add more doc comments	2025-10-09 13:56:56 -04:00
test	feat: digest header verification	2025-10-06 13:21:28 -04:00
.gitignore	project setup	2025-09-29 23:44:33 -04:00
flake.lock	project setup	2025-09-29 23:44:33 -04:00
flake.nix	rsa signatures	2025-10-05 15:50:02 -04:00
gleam.toml	docs: add more doc comments	2025-10-09 13:56:56 -04:00
README.md	clean up for publishing	2025-10-06 14:13:27 -04:00

README.md

hypersig

gleam add hypersig@1

import hypersig/signature
import hypersig/key
import gleam/http
import gleam/http/request

pub fn main() -> Nil {
  let assert Ok(#(public_key, private_key)) = key.generate_key_pair()

  // This would be some outgoing request to an ActivityPub server
  let req = 
    request.new()
    |> request.set_method(http.Post)
    |> request.set_path("/some/api/path")
    |> request.set_header("host", "mastodon.social")
    |> request.set_header("date", "Fri, 13 Oct 2023 11:11:11 GMT")
    |> request.set_header("content-type", "application/activity+json")

  // The request is signed with the private key and a "signature" header is added
  let assert Ok(req) =
    signature.new(private_key, "some-key-id")
    |> signature.with_header("content-type")
    |> signature.sign(req)

  // The request is now ready to be sent using whatever http client you prefer

  // On the other end, the verification would look something like this
  let assert Ok(True) =
    signature.from_request(req)
    |> signature.verify(with: public_key)
}

Further documentation can be found at https://hexdocs.pm/hypersig.

Development

gleam test  # Run the tests