smokesignal.events / atproto-identity-rs
A library for ATProtocol identities.
fork atom
atproto-identity-rs / crates / atproto-record /
at v0.10.0 1 folder 2 files
src
Cargo.toml
README.md
README.md

atproto-record#

Cryptographic signature operations for AT Protocol records.

Overview#

Sign and verify AT Protocol records using IPLD DAG-CBOR serialization with support for P-256, P-384, and K-256 cryptographic signatures. Includes AT-URI parsing for record identification.

Features#

  • Record signing: Create cryptographic signatures on AT Protocol records with proper $sig object handling
  • Signature verification: Verify record signatures against public keys and issuer DIDs
  • AT-URI parsing: Parse and validate AT Protocol URIs (at://authority/collection/record_key)
  • IPLD serialization: DAG-CBOR serialization for signature consistency and integrity
  • Multi-curve support: Support for P-256, P-384, and K-256 elliptic curve signatures
  • Structured errors: Comprehensive error handling with detailed error types

CLI Tools#

The following command-line tools are available when built with the clap feature:

  • atproto-record-sign: Sign AT Protocol records with private keys and create signature objects
  • atproto-record-verify: Verify AT Protocol record signatures against public keys and issuers

Library Usage#

Creating Signatures#

use atproto_record::signature;
use atproto_identity::key::identify_key;
use serde_json::json;

let key_data = identify_key("did:key:zQ3sh...")?;
let record = json!({"$type": "app.bsky.feed.post", "text": "Hello!"});
let signature_object = json!({"issuer": "did:plc:issuer", "issuedAt": "2024-01-01T00:00:00Z"});

let signed_record = signature::create(
    &key_data,
    &record,
    "did:plc:repo",
    "app.bsky.feed.post",
    signature_object
).await?;

Verifying Signatures#

let issuer_key = identify_key("did:key:zQ3sh...")?;

signature::verify(
    "did:plc:issuer",
    &issuer_key,
    signed_record,
    "did:plc:repo",
    "app.bsky.feed.post"
).await?;

AT-URI Parsing#

use atproto_record::aturi::ATURI;
use std::str::FromStr;

let aturi = ATURI::from_str("at://did:plc:abc123/app.bsky.feed.post/3k2k4j5h6g")?;
println!("Authority: {}", aturi.authority);
println!("Collection: {}", aturi.collection);
println!("Record Key: {}", aturi.record_key);

Command Line Usage#

All CLI tools require the clap feature:

# Build with CLI support
cargo build --features clap --bins

# Sign a record
cargo run --features clap --bin atproto-record-sign -- did:key:zQ3sh... did:plc:issuer record.json \
  repository=did:plc:repo collection=app.bsky.feed.post

# Verify a signature
cargo run --features clap --bin atproto-record-verify -- did:plc:issuer did:key:zQ3sh... signed.json \
  repository=did:plc:repo collection=app.bsky.feed.post

License#

MIT License