Signed URLs for small devices.
signy is a library for generating signed URLs on embedded devices using
asymmetric cryptography. Signed URLs are typically utilized to grant
time-limited access to private resources, such as those served by a Content
Delivery Network (CDN).
In the context of embedded devices, signed URLs may be used to enable an
external system, or another component in the same system, to access a specific
resource. For example, a device may generate a signed URL and pass it to a more
capable system to allow it to download the resource on its behalf.
Use of signy requires a server that is capable of verifying the signed URLs it
generates. If using signy with Golioth, the certificates associated with the
Certificate Authority (CA) that issued the device certificate must be uploaded
to your project.
signy leverages the Platform Security Architecture (PSA) Crypto API for signing
operations. Private keys must be generated or imported using PSA Crypto APIs,
and a signed certificate containing the public key must be passed to the signy
library.
Signed URLs generated by signy adhere to the following format.
BASEURL?nb=NOTBEFORE&na=NOTAFTER&cert=CERTIFICATE&sig=SIGNATURE
BASEURL: the location of the resource (e.g. https://gw.golioth.io/.u/c/image@1.0.0)
NOTBEFORE / NOTAFTER: the unix timestamps defining the window in which the signed URL is valid. signy uses the device system time for NOTBEFORE and sets the NOTAFTER timestamp based on CONFIG_SIGNY_URL_VALIDITY_DURATION.
CERTIFICATE: the base64 unpadded URL encoding of the device certificate.
SIGNATURE: the signature over the entire portion of the URL preceding &sig=.
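A server-side sketch of the checks this format implies before any cryptographic verification, added here as an example and not taken from signy or Golioth. The function names, the strict `nb`, `na`, `cert` parameter order, the inclusive window bounds and the assumption that SIGNATURE uses the same unpadded base64url encoding as CERTIFICATE are all assumptions of this example; the sample certificate and signature are constructed placeholder bytes.

```python
import base64
import re
import time

B64URL = re.compile(r"[A-Za-z0-9_-]+")


def b64url_decode_unpadded(text):
    """Decode base64url text that carries no '=' padding; reject anything else."""
    if not B64URL.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not unpadded base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_signed_url(url, now=None):
    """Return (signed_bytes, cert_bytes, signature_bytes) or raise ValueError.
    signed_bytes is the raw text preceding '&sig=' and is never rebuilt from
    parsed parameters, so it is byte-for-byte what the signature covers.
    """
    now = int(time.time()) if now is None else now
    signed, sep, sig_text = url.rpartition("&sig=")
    if not sep:
        raise ValueError("missing sig parameter")
    _base, sep, query = signed.rpartition("?")
    if not sep:
        raise ValueError("missing query string")
    fields = [part.partition("=") for part in query.split("&")]
    if [name for name, _, _ in fields] != ["nb", "na", "cert"]:
        raise ValueError("unexpected, missing or repeated parameter")
    nb_text, na_text, cert_text = (value for _, _, value in fields)
    if not all(re.fullmatch(r"[0-9]{1,12}", t) for t in (nb_text, na_text)):
        raise ValueError("timestamps must be decimal unix times")
    if not int(nb_text) <= now <= int(na_text):
        raise ValueError("outside the validity window")
    return (signed.encode("ascii"), b64url_decode_unpadded(cert_text),
            b64url_decode_unpadded(sig_text))


def _enc(raw):  # helper used only to build the constructed sample below
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: placeholder bytes stand in for a real certificate and signature.
SAMPLE_CERT, SAMPLE_SIG = b"constructed certificate", b"constructed signature"
SAMPLE_URL = ("https://gw.golioth.io/.u/c/image@1.0.0?nb=1700000000&na=1700003600"
              f"&cert={_enc(SAMPLE_CERT)}&sig={_enc(SAMPLE_SIG)}")

if __name__ == "__main__":
    signed, cert, sig = split_signed_url(SAMPLE_URL, now=1700000100)
    print(signed.decode(), len(cert), len(sig))
```

The returned pieces still have to be verified: the certificate must chain to the uploaded CA, and the signature must verify over `signed_bytes` with the certificate's public key, using whatever algorithm the device key was provisioned with.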
The signy repository is a Zephyr module and can be included in any Zephyr
project by adding the following to the project's west.yml file.

    - name: signy
      path: modules/lib/signy
      revision: main
      url: https://github.com/golioth/signy.git

See the Zephyr examples for more information.
The signy repository is an ESP-IDF component and can be included in any ESP-IDF
project by specifying it as a dependency in the project's idf_component.yml.

    dependencies:
      signy:
        path: components/signy
        git: https://github.com/golioth/signy/esp-idf/signy

See the esp-idf examples for more information.