Sign a canonical JSON payload with an Ed25519 private key. Args: private_key_pem: PKCS8 PEM-encoded private key. payload: Canonical JSON string to sign. Returns: Base64url-encoded Ed25519 signature (no padding).
(private_key_pem: str, payload: str)
| 103 | |
| 104 | |
| 105 | def sign_payload(private_key_pem: str, payload: str) -> str: |
| 106 | """ |
| 107 | Sign a canonical JSON payload with an Ed25519 private key. |
| 108 | |
| 109 | Args: |
| 110 | private_key_pem: PKCS8 PEM-encoded private key. |
| 111 | payload: Canonical JSON string to sign. |
| 112 | |
| 113 | Returns: |
| 114 | Base64url-encoded Ed25519 signature (no padding). |
| 115 | """ |
| 116 | private_key = serialization.load_pem_private_key( |
| 117 | private_key_pem.encode("utf-8"), |
| 118 | password=None, |
| 119 | ) |
| 120 | if not isinstance(private_key, ed25519.Ed25519PrivateKey): |
| 121 | raise TypeError("Private key must be Ed25519.") |
| 122 | signature = private_key.sign(payload.encode("utf-8")) |
| 123 | return base64.urlsafe_b64encode(signature).decode().rstrip("=") |
| 124 | |
| 125 | |
| 126 | def verify_signature( |
no outgoing calls
no test coverage detected