| use k256::ecdsa::{SigningKey, Signature, signature::Signer}; | |
| use sha2::{Digest, Sha256}; | |
| use crate::shield::redact::PiiMatch; | |
| use std::sync::OnceLock; | |
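/// Process-wide secp256k1 ECDSA signing key; empty until `init_signing_key` stores one.
static SIGNING_KEY: OnceLock<SigningKey> = OnceLock::new();

/// Decodes `hex_key` and installs it as the process-wide signing key.
///
/// `hex_key` is the hex encoding of the raw secret-key bytes accepted by
/// `SigningKey::from_slice`.
///
/// Only the first successful call takes effect. `OnceLock::set` refuses to overwrite a value
/// that is already stored and that result is discarded here, so a later call with a different
/// key silently leaves the first key in place.
///
/// # Panics
///
/// Panics if `hex_key` is not valid hex or does not decode to a valid secret key. The panic
/// messages are fixed strings on purpose: the hex decoder's error value can name an offending
/// input character and its position, and that input is secret key material that should not end
/// up in panic output or logs.
pub fn init_signing_key(hex_key: &str) {
    let Ok(key_bytes) = hex::decode(hex_key) else {
        panic!("signing key is not valid hex");
    };
    let Ok(key) = SigningKey::from_slice(&key_bytes) else {
        panic!("signing key bytes are not a valid secp256k1 secret key");
    };
    // NOTE(review): `key_bytes` is a plain Vec and is freed without being wiped, so a copy of
    // the secret can linger in freed heap memory. If the project already depends on a
    // zeroizing buffer type, hold the decoded bytes in that instead.

    // An "already initialised" result is ignored: the first key wins.
    let _ = SIGNING_KEY.set(key);
}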
/// Signs a SHA-256 transcript of `original` and its redaction map, returning the signature as hex.
///
/// The transcript is `original` followed, for every entry of `pii_map` in slice order, by that
/// entry's `entity_type`, `original` and `placeholder` bytes. The resulting 32-byte digest is
/// handed to `Signer::sign`, and the signature bytes are hex-encoded.
///
/// NOTE(review): the fields are concatenated with no length prefix or separator, so the
/// transcript is not an injective encoding of its inputs. Moving bytes across a field or entry
/// boundary (for example from the end of `original` into the first `entity_type`) yields the
/// same digest and therefore the same proof. Binding the proof to one exact input needs a
/// length-prefixed or otherwise delimited encoding, changed in step with whatever verifies
/// these proofs.
///
/// NOTE(review): `Signer::sign` on a k256 `SigningKey` is expected to apply SHA-256 to its
/// input itself, so the signature would cover SHA-256 of the digest computed here; a verifier
/// has to reproduce the same two steps. Confirm against the k256 version in use.
///
/// # Panics
///
/// Panics with "Signing key not initialised" if `init_signing_key` has not stored a key yet.
pub fn generate_proof(original: &str, pii_map: &[PiiMatch]) -> String {
    let signing_key = SIGNING_KEY.get().expect("Signing key not initialised");

    let mut transcript = Sha256::new();
    transcript.update(original);
    // Field order inside an entry and entry order inside the slice both feed the digest.
    pii_map.iter().for_each(|entry| {
        transcript.update(entry.entity_type.as_bytes());
        transcript.update(entry.original.as_bytes());
        transcript.update(entry.placeholder.as_bytes());
    });
    let transcript_digest = transcript.finalize();

    let signature: Signature = signing_key.sign(&transcript_digest);
    hex::encode(signature.to_bytes())
}