Module vodozemac::sas

User-friendly key verification using short authentication strings (SAS).

The verification process is heavily inspired by Phil Zimmermann’s ZRTP key agreement handshake. A core part of key agreement in ZRTP is the hash commitment: the party that begins the key sharing process sends a hash of their part of the Diffie-Hellman exchange but does not send the part itself until they have received the other party’s part.

The verification process can be used to verify the Ed25519 identity key of an Account.


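use vodozemac::sas::Sas;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Each side creates its own SAS object with a fresh key pair.
    let alice = Sas::new();
    let bob = Sas::new();

    // Read Bob's public key first: diffie_hellman() consumes the Sas object.
    let bob_public_key = bob.public_key();

    // Each side combines its own secret with the other side's public key.
    let bob = bob.diffie_hellman(alice.public_key())?;
    let alice = alice.diffie_hellman(bob_public_key)?;

    // Both sides derive the SAS bytes using the same agreed info string.
    let alice_bytes = alice.bytes("AGREED_INFO");
    let bob_bytes = bob.bytes("AGREED_INFO");

    // The emoji indices are what the two users compare.
    let alice_emojis = alice_bytes.emoji_indices();
    let bob_emojis = bob_bytes.emoji_indices();

    assert_eq!(alice_emojis, bob_emojis);

    Ok(())
}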
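
How the bytes returned by `bytes()` become the short strings users compare, as an added example that is not vodozemac's own code: it assumes the SAS encodings of the Matrix specification (seven 6-bit emoji indices and, going beyond the snippet above, three 13-bit decimals). Function names and sample bytes are constructed here; only 42 or 39 bits are ever compared, which is why the hash commitment described above matters for a string this short.

```rust
// Added example, not vodozemac's own code. Assumes the Matrix-spec SAS
// encodings; function names and sample bytes are constructed for illustration.

/// Pack SAS bytes big-endian into a single integer.
fn pack(bytes: &[u8]) -> u64 {
    bytes.iter().fold(0u64, |acc, b| (acc << 8) | u64::from(*b))
}

/// Emoji form: the first 42 bits of 6 bytes become seven 6-bit indices
/// into a 64-entry emoji table. The low 6 bits are never displayed.
fn emoji_indices(bytes: &[u8; 6]) -> [u8; 7] {
    let num = pack(bytes);
    let mut out = [0u8; 7];
    for (i, slot) in out.iter_mut().enumerate() {
        // Group 0 is the top 6 bits (shift 42), group 6 ends at shift 6.
        *slot = ((num >> (42 - 6 * i)) & 0x3f) as u8;
    }
    out
}

/// Decimal form: the first 39 bits of 5 bytes become three 13-bit numbers,
/// each offset by 1000 so it always has four digits. The last bit is unused.
fn decimals(bytes: &[u8; 5]) -> (u16, u16, u16) {
    let num = pack(bytes);
    let group = |shift: u32| ((num >> shift) & 0x1fff) as u16 + 1000;
    (group(27), group(14), group(1))
}

fn main() {
    // Constructed sample bytes: `b` differs from `a` only in the unused low bits.
    let a = [0x04, 0, 0, 0, 0, 0x00];
    let b = [0x04, 0, 0, 0, 0, 0x3f];
    println!("emoji a: {:?}", emoji_indices(&a));
    println!("emoji b: {:?}", emoji_indices(&b));
    println!("same display: {}", emoji_indices(&a) == emoji_indices(&b));
    println!("decimals: {:?}", decimals(&[0x04, 0, 0, 0, 0]));
}
```
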


  • A struct representing a short auth string verification object where the shared secret has been established.
  • Error type for the case when we try to generate too many SAS bytes.
  • The output type for the SAS MAC calculation.
  • A struct representing a short auth string verification object.
  • Bytes generated from a shared secret that can be used as the short auth string.


  • Error type describing failures that can happen during the key verification.