celabshq · wysiwys · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025 · Nov 11, 2025
diff --git a/Cargo.toml b/Cargo.toml
@@ -38,6 +38,7 @@ members = [
     "crates/algorithms/aesgcm",
     "crates/algorithms/aesgcm/fuzz",
     "crates/utils/hacl-rs",
+    "crates/primitives/signature",
 ]
 
 [workspace.package]

diff --git a/benchmarks/benches/ecdsa_p256.rs b/benchmarks/benches/ecdsa_p256.rs
@@ -2,7 +2,7 @@ use criterion::{criterion_group, criterion_main, BatchSize, Criterion};
 
 use benchmarks::util::*;
 use libcrux_ecdsa::{
-    p256::{Nonce, PrivateKey, PublicKey},
+    p256::{Nonce, SigningKey, VerificationKey},
     DigestAlgorithm,
 };
 
@@ -19,7 +19,7 @@ fn sign(c: &mut Criterion) {
                 let mut rng = rand::rng();
 
                 let sk: [u8; 32] = hex_str_to_array(SK_HEX);
-                let sk = PrivateKey::try_from(&sk).unwrap();
+                let sk = SigningKey::try_from(&sk).unwrap();
                 let nonce = Nonce::random(&mut rng).unwrap();
                 let msg = b"sample";
 
@@ -93,9 +93,9 @@ fn verify(c: &mut Criterion) {
                 let mut rng = rand::rng();
 
                 let pk = hex_str_to_bytes(PK_HEX);
-                let pk = PublicKey::try_from(pk.as_slice()).unwrap();
+                let pk = VerificationKey::try_from(pk.as_slice()).unwrap();
                 let sk: [u8; 32] = hex_str_to_array(SK_HEX);
-                let sk = PrivateKey::try_from(&sk).unwrap();
+                let sk = SigningKey::try_from(&sk).unwrap();
                 let nonce = Nonce::random(&mut rng).unwrap();
                 let msg = b"sample";
                 let sig = libcrux_ecdsa::p256::sign(DigestAlgorithm::Sha256, &msg[..], &sk, &nonce)

diff --git a/crates/algorithms/ecdsa/CHANGELOG.md b/crates/algorithms/ecdsa/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+- [#1241](https://github.com/cryspen/libcrux/pull/1241): 
+  - Rename `PrivateKey` -> `SigningKey`, `PublicKey` -> `VerificationKey`
+  - Add key-centric signature public APIs
+
 ## [0.0.4] (2025-11-05)
 
 - [#1061](https://github.com/cryspen/libcrux/pull/1061): Add `std` feature gate for `libcrux-ecdsa`

diff --git a/crates/algorithms/ecdsa/Cargo.toml b/crates/algorithms/ecdsa/Cargo.toml
@@ -1,28 +1,37 @@
 [package]
-name = "libcrux-ecdsa"
 description = "Formally verified ECDSA signature library"
+name = "libcrux-ecdsa"
 readme = "Readme.md"
 version = "0.0.4"
 
 authors.workspace = true
-license.workspace = true
-homepage.workspace = true
 edition.workspace = true
+homepage.workspace = true
+license.workspace = true
 repository.workspace = true
 
 [dependencies]
 libcrux-p256 = { version = "=0.0.4", path = "../p256", features = [
     "expose-hacl",
 ] }
 libcrux-sha2 = { version = "=0.0.4", path = "../sha2" }
+libcrux-secrets = { version = "=0.0.4", path = "../../utils/secrets" }
+libcrux-traits = { version = "=0.0.4", path = "../../../traits" }
 rand = { version = "0.9", optional = true, default-features = false }
 
 [features]
 default = ["rand", "std"]
 rand = ["dep:rand"]
 std = ["rand?/std"]
 
+# This doesn't check the secret independence of the implementation, but sets the
+# exposed API into secret independence checking mode.
+expose-secret-independence = [
+    "libcrux-secrets/check-secret-independence",
+    "libcrux-traits/check-secret-independence",
+]
+
 [dev-dependencies]
-rand_core = { version = "0.9" , features = ["os_rng"] }
+rand_core = { version = "0.9", features = ["os_rng"] }
 serde = { version = "1.0.217", features = ["derive"] }
 serde_json = "1.0.138"