docs: refine Go docs and improve naming

2025-07-08 07:34:57 -04:00
parent af00c4ff6c
commit 83227f36a7
13 changed files with 171 additions and 102 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,56 @@
 # go-varsig

-`go-varsig` implements v0.1.0 of the [`varsig` specification]
+`go-varsig` implements the upcoming v1.0.0 release of the [`varsig` specification](https://github.com/ChainAgnostic/varsig/pull/18)
+with limited (and soon to be deprecated) support for the `varsig` < v1.0
+specification.  This is predominatly included to support the UCAN v1.0
+use-case.
+
+## Usage
+
+Include the `go-varsig` library  by running the following command:
+
+```bash
+go get github.com/ucan-wg/go-varsig@latest
+```
+
+## Documentation
+
+Documentation for this library is provided as Go docs at
+https://pkg.go.dev/github.com/ucan-wg/go-varsig.
+
+## Development
+
+Install the required development tools using `asdf` by running the
+following command in this repository (or install them manually):
+
+```bash
+asdf install
+```
+
+### Checks
+
+This repository contains an set of pre-commit hooks that are run prior to
+each `git commit`.  You can also run these checks manually using the
+following command:
+
+```bash
+pre-commit run --all-files
+```
+
+### Github workflows development
+
+ASDF installs `act` to support Github workflow development - in general,
+follow these steps to test the workflow:
+
+If you're using `podman` instead of `docker`, use the `podman` socket to
+simulate the `docker` daemon:
+
+```bash
+export DOCKER_HOST=unix:///var/run/podman/podman.sock
+```
+
+Since there's only one workflow, the simplest command to test it is:
+
+```bash
+act
+```
--- a/common.go
+++ b/common.go
@@ -3,7 +3,7 @@ package varsig
 // Ed25519 produces a varsig that describes the associated algorithm defined
 // by the [IANA JOSE specification].
 //
-// [IANA JOSE specidication]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
 func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
 	return NewEdDSAVarsig(CurveEd25519, HashAlgorithmSHA512, payloadEncoding, opts...)
 }
@@ -11,7 +11,7 @@ func Ed25519(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, err
 // Ed448 produces a varsig that describes the associated algorithm defined
 // by the [IANA JOSE specification].
 //
-// [IANA JOSE specidication]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
 func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
 	return NewEdDSAVarsig(CurveEd448, HashAlgorithmShake256, payloadEncoding, opts...)
 }
@@ -19,7 +19,7 @@ func Ed448(payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error
 // RS256 produces a varsig that describes the associated algorithm defined
 // by the [IANA JOSE specification].
 //
-// [IANA JOSE specidication]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
 func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
 	return NewRSAVarsig(HashAlgorithmSHA256, keyLength, payloadEncoding, opts...)
 }
@@ -27,7 +27,7 @@ func RS256(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*
 // RS384 produces a varsig that describes the associated algorithm defined
 // by the [IANA JOSE specification].
 //
-// [IANA JOSE specidication]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
 func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
 	return NewRSAVarsig(HashAlgorithmSHA384, keyLength, payloadEncoding, opts...)
 }
@@ -35,7 +35,7 @@ func RS384(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*
 // RS512 produces a varsig that describes the associated algorithm defined
 // by the [IANA JOSE specification].
 //
-// [IANA JOSE specidication]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+// [IANA JOSE specification]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
 func RS512(keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
 	return NewRSAVarsig(HashAlgorithmSHA512, keyLength, payloadEncoding, opts...)
 }
--- a/constant.go
+++ b/constant.go
@@ -8,10 +8,16 @@ import (
 	"github.com/multiformats/go-multicodec"
 )

+// Prefix is the multicodec.Code for the varsig's varuint prefix byte.
+const Prefix = uint64(multicodec.Varsig)
+
 // HashAlgorithm is the multicodec.Code that specifies the hash algorithm
 // that's used to reduced the signed content
 type HashAlgorithm uint64

+// Constant multicodec.Code values that allow Varsig implementations to
+// specify how the payload content is hashed before the signature is
+// generated.
 const (
 	HashAlgorithmUnspecified HashAlgorithm = 0x00
 	HashAlgorithmSHA256                    = HashAlgorithm(multicodec.Sha2_256)
@@ -48,6 +54,9 @@ func DecodeHashAlgorithm(r *bytes.Reader) (HashAlgorithm, error) {
 // consistent hashes and signatures.
 type PayloadEncoding uint64

+// Constant multicodec.Code values that allow Varsig implementations to
+// specify how the payload content is encoded before being hashed.  In
+// varsig >= v1, only canonical encoding is allowed.
 const (
 	PayloadEncodingUnspecified PayloadEncoding = 0x00
 	PayloadEncodingVerbatim    PayloadEncoding = 0x5f
@@ -108,14 +117,14 @@ func decodeEncodingInfoV1(payEnc PayloadEncoding) (PayloadEncoding, error) {
 	return payEnc, nil
 }

-// SignAlgorithm is (usually) the multicodec.Code representing the public
+// Discriminator is (usually) the multicodec.Code representing the public
 // key type of the algorithm used to create the signature.
 //
 // There is not set list of constants here, nor is there a decode function
 // as the author of an implementation should include the constant with the
 // implementation, and the decoding is handled by the Handler, which uses
-// the SignAlgorithm to choose the correct implementation.  Also note that
-// some of the SignAlgorithm values for a specific implementation have
+// the Discriminator to choose the correct implementation.  Also note that
+// some of the Discriminator values for a specific implementation have
 // changed between varsig v0 and v1, so it's possible to have more than one
 // constant defined per implementation.
-type SignAlgorithm uint64
+type Discriminator uint64
--- a/ecdsa.go
+++ b/ecdsa.go
@@ -2,8 +2,8 @@ package varsig

 // Stub
 const (
-	SignAlgorithmECDSASecp256k1 SignAlgorithm = 0xe7
-	SignAlgorithmECDSAP256      SignAlgorithm = 0x1200
-	SignAlgorithmECDSAP384      SignAlgorithm = 0x1201
-	SignAlgorithmECDSAP521      SignAlgorithm = 0x1202
+	DiscriminatorECDSASecp256k1 Discriminator = 0xe7
+	DiscriminatorECDSAP256      Discriminator = 0x1200
+	DiscriminatorECDSAP384      Discriminator = 0x1201
+	DiscriminatorECDSAP521      Discriminator = 0x1202
 )
--- a/eddsa.go
+++ b/eddsa.go
@@ -8,14 +8,19 @@ import (
 	"github.com/multiformats/go-multicodec"
 )

+// Constants containing multicodec.Code values that specify EdDSA signatures.
 const (
-	SignAlgorithmEdDSA   = SignAlgorithm(multicodec.Ed25519Pub)
-	SignAlgorithmEd25519 = SignAlgorithm(multicodec.Ed25519Pub)
-	SignAlgorithmEd448   = SignAlgorithm(multicodec.Ed448Pub)
+	DiscriminatorEdDSA   = Discriminator(multicodec.Ed25519Pub)
+	DiscriminatorEd25519 = Discriminator(multicodec.Ed25519Pub)
+	DiscriminatorEd448   = Discriminator(multicodec.Ed448Pub)
 )

+// EdDSACurve are multicodec.Code values that specify which Edwards curve
+// is used when generating the signature.
 type EdDSACurve uint64

+// Constants describing the multicodec.Code for each specific Edwards
+// curve that can be encoded into a Varsig.
 const (
 	CurveEd25519 = EdDSACurve(multicodec.Ed25519Pub)
 	CurveEd448   = EdDSACurve(multicodec.Ed448Pub)
@@ -23,6 +28,8 @@ const (

 var _ Varsig = (*EdDSAVarsig)(nil)

+// EdDSAVarsig is a varsig that encodes the parameters required to describe
+// an EdDSA signature.
 type EdDSAVarsig struct {
 	varsig[EdDSAVarsig]

@@ -30,25 +37,27 @@ type EdDSAVarsig struct {
 	hashAlg HashAlgorithm
 }

+// NewEdDSAVarsig creates and validates an EdDSA varsig with the provided
+// curve, hash algorithm and payload encoding.
 func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncoding PayloadEncoding, opts ...Option) (*EdDSAVarsig, error) {
 	options := newOptions(opts...)

 	var (
 		vers = Version1
-		signAlg = SignAlgorithmEdDSA
+		disc = DiscriminatorEdDSA
 		sig  = []byte{}
 	)

 	if options.ForceVersion0() {
 		vers = Version0
-		signAlg = SignAlgorithm(curve)
+		disc = Discriminator(curve)
 		sig = options.Signature()
 	}

 	v := &EdDSAVarsig{
 		varsig: varsig[EdDSAVarsig]{
 			vers:   vers,
-			signAlg: signAlg,
+			disc:   disc,
 			payEnc: payloadEncoding,
 			sig:    sig,
 		},
@@ -59,14 +68,18 @@ func NewEdDSAVarsig(curve EdDSACurve, hashAlgorithm HashAlgorithm, payloadEncodi
 	return v.validateSig(v, ed25519.PrivateKeySize)
 }

+// Curve returns the Edwards curve used to generate the EdDSA signature.
 func (v *EdDSAVarsig) Curve() EdDSACurve {
 	return v.curve
 }

+// HashAlgorithm returns the multicodec.Code describing the hash algorithm
+// used to hash the payload content before the signature is generated.
 func (v *EdDSAVarsig) HashAlgorithm() HashAlgorithm {
 	return v.hashAlg
 }

+// Encode returns the encoded byte format of the EdDSAVarsig.
 func (v EdDSAVarsig) Encode() []byte {
 	buf := v.encode()

@@ -81,8 +94,8 @@ func (v EdDSAVarsig) Encode() []byte {
 	return buf
 }

-func decodeEd25519(r *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig, error) {
-	curve := uint64(signAlg)
+func decodeEd25519(r *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
+	curve := uint64(disc)
 	if vers != Version0 {
 		u, err := binary.ReadUvarint(r)

@@ -101,7 +114,7 @@ func decodeEd25519(r *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig
 	v := &EdDSAVarsig{
 		varsig: varsig[EdDSAVarsig]{
 			vers: vers,
-			signAlg: signAlg,
+			disc: disc,
 		},
 		curve:   EdDSACurve(curve),
 		hashAlg: HashAlgorithm(hashAlg),
@@ -109,8 +122,3 @@ func decodeEd25519(r *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig

 	return v.decodePayEncAndSig(r, v, ed25519.PrivateKeySize)
 }
-
-// TODO: remove this when parseEd25519 is added to the DefaultRegistry.
-func Junk() {
-	_, _ = decodeEd25519(nil, 0, 0)
-}
--- a/eddsa_test.go
+++ b/eddsa_test.go
@@ -31,7 +31,7 @@ func TestDecodeEd25519(t *testing.T) {
 			require.NoError(t, err)
 			require.NotNil(t, v)
 			assert.Equal(t, varsig.Version0, v.Version())
-			assert.Equal(t, varsig.SignAlgorithmEd25519, v.SignatureAlgorithm())
+			assert.Equal(t, varsig.DiscriminatorEd25519, v.Discriminator())
 			assert.Equal(t, varsig.PayloadEncodingDAGCBOR, v.PayloadEncoding())
 			assert.Len(t, v.Signature(), 64)

--- a/error.go
+++ b/error.go
@@ -30,9 +30,9 @@ var ErrUnknownHashAlgorithm = errors.New("unknown hash algorithm")
 // for this field may vary based on the varsig version.
 var ErrUnsupportedPayloadEncoding = errors.New("unsupported payload encoding")

-// ErrUnknownSignAlgorith is returned when the Registry doesn't have a
+// ErrUnknowndiscorith is returned when the Registry doesn't have a
 // parsing function for the decoded signing algorithm.
-var ErrUnknownSignAlgorithm = errors.New("unknown signing algorithm")
+var ErrUnknownDiscriminator = errors.New("unknown signing algorithm")

 // ErrUnsupportedVersion is returned when an unsupported varsig version
 // field is present.
--- a/registry.go
+++ b/registry.go
@@ -6,8 +6,11 @@ import (
 	"fmt"
 )

+// Version represents which version of the vasig specification was used
+// to produce Varsig value.
 type Version uint64

+// Constancts for the existing varsig specifications
 const (
 	Version0 Version = 0
 	Version1 Version = 1
@@ -15,22 +18,22 @@ const (

 // DecodeFunc is a function that parses the varsig representing a specific
 // signing algorithm.
-type DecodeFunc func(*bytes.Reader, Version, SignAlgorithm) (Varsig, error)
+type DecodeFunc func(*bytes.Reader, Version, Discriminator) (Varsig, error)

 // Registry contains a mapping between known signing algorithms, and
 // functions that can parse varsigs for that signing algorithm.
-type Registry map[SignAlgorithm]DecodeFunc
+type Registry map[Discriminator]DecodeFunc

 // DefaultRegistry provides a Registry containing the mappings for the
 // signing algorithms which have an implementation within this library.
 func DefaultRegistry() Registry {
-	return map[SignAlgorithm]DecodeFunc{
-		SignAlgorithmRSA:            decodeRSA,
-		SignAlgorithmEdDSA:          decodeEd25519,
-		SignAlgorithmEd448:          decodeEd25519,
-		SignAlgorithmECDSAP256:      notYetImplementedVarsigDecoder,
-		SignAlgorithmECDSASecp256k1: notYetImplementedVarsigDecoder,
-		SignAlgorithmECDSAP521:      notYetImplementedVarsigDecoder,
+	return map[Discriminator]DecodeFunc{
+		DiscriminatorRSA:            decodeRSA,
+		DiscriminatorEdDSA:          decodeEd25519,
+		DiscriminatorEd448:          decodeEd25519,
+		DiscriminatorECDSAP256:      notYetImplementedVarsigDecoder,
+		DiscriminatorECDSASecp256k1: notYetImplementedVarsigDecoder,
+		DiscriminatorECDSAP521:      notYetImplementedVarsigDecoder,
 	}
 }

@@ -41,7 +44,7 @@ func NewRegistry() Registry {

 // Register allows new mappings between a signing algorithm and its parsing
 // function to the Registry.
-func (rs Registry) Register(alg SignAlgorithm, decodeFunc DecodeFunc) {
+func (rs Registry) Register(alg Discriminator, decodeFunc DecodeFunc) {
 	rs[alg] = decodeFunc
 }

@@ -63,20 +66,20 @@ func (rs Registry) DecodeStream(r *bytes.Reader) (Varsig, error) {
 		return nil, fmt.Errorf("%w: expected %d, got %d", ErrBadPrefix, Prefix, pre)
 	}

-	vers, signAlg, err := rs.decodeVersAndSignAlg(r)
+	vers, disc, err := rs.decodeVersAnddisc(r)
 	if err != nil {
 		return nil, err
 	}

-	decodeFunc, ok := rs[SignAlgorithm(signAlg)]
+	decodeFunc, ok := rs[Discriminator(disc)]
 	if !ok {
-		return nil, fmt.Errorf("%w: %x", ErrUnknownSignAlgorithm, signAlg)
+		return nil, fmt.Errorf("%w: %x", ErrUnknownDiscriminator, disc)
 	}

-	return decodeFunc(r, vers, signAlg)
+	return decodeFunc(r, vers, disc)
 }

-func (rs Registry) decodeVersAndSignAlg(r *bytes.Reader) (Version, SignAlgorithm, error) {
+func (rs Registry) decodeVersAnddisc(r *bytes.Reader) (Version, Discriminator, error) {
 	vers, err := binary.ReadUvarint(r)
 	if err != nil {
 		return Version(vers), 0, err
@@ -87,14 +90,14 @@ func (rs Registry) decodeVersAndSignAlg(r *bytes.Reader) (Version, SignAlgorithm
 	}

 	if vers >= 64 {
-		return 0, SignAlgorithm(vers), nil
+		return 0, Discriminator(vers), nil
 	}

-	signAlg, err := binary.ReadUvarint(r)
+	disc, err := binary.ReadUvarint(r)

-	return Version(vers), SignAlgorithm(signAlg), err
+	return Version(vers), Discriminator(disc), err
 }

-func notYetImplementedVarsigDecoder(_ *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig, error) {
-	return nil, fmt.Errorf("%w: Version: %d, SignAlgorithm: %x", ErrNotYetImplemented, vers, signAlg)
+func notYetImplementedVarsigDecoder(_ *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
+	return nil, fmt.Errorf("%w: Version: %d, Discriminator: %x", ErrNotYetImplemented, vers, disc)
 }
--- a/registry_test.go
+++ b/registry_test.go
@@ -25,7 +25,7 @@ func TestRegistry_Decode(t *testing.T) {
 		vs, err := reg.DecodeStream(bytes.NewReader(data))
 		require.NoError(t, err)
 		assert.Equal(t, varsig.Version0, vs.Version())
-		assert.Equal(t, testSignAlgorithm1, vs.SignatureAlgorithm())
+		assert.Equal(t, testDiscriminator1, vs.Discriminator())
 	})

 	t.Run("passes - v1", func(t *testing.T) {
@@ -39,21 +39,21 @@ func TestRegistry_Decode(t *testing.T) {
 		vs, err := reg.DecodeStream(bytes.NewReader(data))
 		require.NoError(t, err)
 		assert.Equal(t, varsig.Version1, vs.Version())
-		assert.Equal(t, testSignAlgorithm1, vs.SignatureAlgorithm())
+		assert.Equal(t, testDiscriminator1, vs.Discriminator())
 	})
 }

 const (
-	testSignAlgorithm0 varsig.SignAlgorithm = 0x1000
-	testSignAlgorithm1 varsig.SignAlgorithm = 0x1001
+	testDiscriminator0 varsig.Discriminator = 0x1000
+	testDiscriminator1 varsig.Discriminator = 0x1001
 )

 func testRegistry(t *testing.T) varsig.Registry {
 	t.Helper()

 	reg := varsig.NewRegistry()
-	reg.Register(testSignAlgorithm0, testDecodeFunc(t))
-	reg.Register(testSignAlgorithm1, testDecodeFunc(t))
+	reg.Register(testDiscriminator0, testDecodeFunc(t))
+	reg.Register(testDiscriminator1, testDecodeFunc(t))

 	return reg
 }
@@ -61,10 +61,10 @@ func testRegistry(t *testing.T) varsig.Registry {
 func testDecodeFunc(t *testing.T) varsig.DecodeFunc {
 	t.Helper()

-	return func(r *bytes.Reader, vers varsig.Version, signAlg varsig.SignAlgorithm) (varsig.Varsig, error) {
+	return func(r *bytes.Reader, vers varsig.Version, disc varsig.Discriminator) (varsig.Varsig, error) {
 		v := &testVarsig{
 			vers: vers,
-			signAlg: signAlg,
+			disc: disc,
 		}

 		return v, nil
@@ -75,7 +75,7 @@ var _ varsig.Varsig = (*testVarsig)(nil)

 type testVarsig struct {
 	vers   varsig.Version
-	signAlg varsig.SignAlgorithm
+	disc   varsig.Discriminator
 	payEnc varsig.PayloadEncoding
 	sig    []byte
 }
@@ -84,8 +84,8 @@ func (v *testVarsig) Version() varsig.Version {
 	return v.vers
 }

-func (v *testVarsig) SignatureAlgorithm() varsig.SignAlgorithm {
-	return v.signAlg
+func (v *testVarsig) Discriminator() varsig.Discriminator {
+	return v.disc
 }

 func (v *testVarsig) PayloadEncoding() varsig.PayloadEncoding {
--- a/rsa.go
+++ b/rsa.go
@@ -7,12 +7,13 @@ import (
 	"github.com/multiformats/go-multicodec"
 )

-const SignAlgorithmRSA = SignAlgorithm(multicodec.RsaPub)
+// DiscriminatorRSA is the multicodec.Code specifying an RSA signature.
+const DiscriminatorRSA = Discriminator(multicodec.RsaPub)

 var _ Varsig = (*RSAVarsig)(nil)

 // RSAVarsig is a varsig that encodes the parameters required to describe
-// and RSA signature.
+// an RSA signature.
 type RSAVarsig struct {
 	varsig[RSAVarsig]
 	hashAlg HashAlgorithm
@@ -20,7 +21,7 @@ type RSAVarsig struct {
 }

 // NewRSAVarsig creates and validates an RSA varsig with the provided
-// parameters.
+// hash algorithm, key length and payload encoding.
 func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding PayloadEncoding, opts ...Option) (*RSAVarsig, error) {
 	options := newOptions(opts...)

@@ -37,7 +38,7 @@ func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding
 	v := &RSAVarsig{
 		varsig: varsig[RSAVarsig]{
 			vers:   vers,
-			signAlg: SignAlgorithmRSA,
+			disc:   DiscriminatorRSA,
 			payEnc: payloadEncoding,
 			sig:    sig,
 		},
@@ -48,7 +49,7 @@ func NewRSAVarsig(hashAlgorithm HashAlgorithm, keyLength uint64, payloadEncoding
 	return v.validateSig(v, v.sigLen)
 }

-// Encode returns the encoded byte formation of the RSAVarsig.
+// Encode returns the encoded byte format of the RSAVarsig.
 func (v RSAVarsig) Encode() []byte {
 	buf := v.encode()
 	buf = binary.AppendUvarint(buf, uint64(v.hashAlg))
@@ -70,7 +71,7 @@ func (v *RSAVarsig) KeyLength() uint64 {
 	return v.sigLen
 }

-func decodeRSA(r *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig, error) {
+func decodeRSA(r *bytes.Reader, vers Version, disc Discriminator) (Varsig, error) {
 	hashAlg, err := DecodeHashAlgorithm(r)
 	if err != nil {
 		return nil, err
@@ -84,7 +85,7 @@ func decodeRSA(r *bytes.Reader, vers Version, signAlg SignAlgorithm) (Varsig, er
 	vs := &RSAVarsig{
 		varsig: varsig[RSAVarsig]{
 			vers: vers,
-			signAlg: signAlg,
+			disc: disc,
 		},
 		hashAlg: HashAlgorithm(hashAlg),
 		sigLen:  sigLen,
--- a/rsa_test.go
+++ b/rsa_test.go
@@ -30,7 +30,7 @@ func TestRSAVarsig(t *testing.T) {
 		require.True(t, ok)

 		assert.Equal(t, varsig.Version1, rsaVs.Version())
-		assert.Equal(t, varsig.SignAlgorithmRSA, rsaVs.SignatureAlgorithm())
+		assert.Equal(t, varsig.DiscriminatorRSA, rsaVs.Discriminator())
 		assert.Equal(t, varsig.HashAlgorithmSHA256, rsaVs.HashAlgorithm())
 		assert.Equal(t, varsig.PayloadEncodingDAGCBOR, rsaVs.PayloadEncoding())
 		assert.Equal(t, uint64(keyLen), rsaVs.KeyLength())
@@ -73,7 +73,7 @@ func TestUCANExample(t *testing.T) {
 		require.True(t, ok)

 		assert.Equal(t, varsig.Version0, rsaVs.Version())
-		assert.Equal(t, varsig.SignAlgorithmRSA, rsaVs.SignatureAlgorithm())
+		assert.Equal(t, varsig.DiscriminatorRSA, rsaVs.Discriminator())
 		assert.Equal(t, varsig.HashAlgorithmSHA256, rsaVs.HashAlgorithm())
 		assert.Equal(t, varsig.PayloadEncodingDAGCBOR, rsaVs.PayloadEncoding())
 		assert.Equal(t, uint64(keyLen), rsaVs.KeyLength())
--- a/varsig.go
+++ b/varsig.go
@@ -23,19 +23,14 @@ import (
 	"bytes"
 	"encoding/binary"
 	"io"
-
-	"github.com/multiformats/go-multicodec"
 )

-// Prefix is the multicodec.Code for the varsig's varuint prefix byte.
-const Prefix = uint64(multicodec.Varsig)
-
 // Varsig represents types that describe how a signature was generated
 // and thus how to interpret the signature and verify the signed data.
 type Varsig interface {
 	// accessors for fields that are common to all varsig
 	Version() Version
-	SignatureAlgorithm() SignAlgorithm
+	Discriminator() Discriminator
 	PayloadEncoding() PayloadEncoding
 	Signature() []byte

@@ -57,7 +52,7 @@ func DecodeStream(r *bytes.Reader) (Varsig, error) {

 type varsig[T Varsig] struct {
 	vers   Version
-	signAlg SignAlgorithm
+	disc   Discriminator
 	payEnc PayloadEncoding
 	sig    []byte
 }
@@ -67,10 +62,10 @@ func (v varsig[_]) Version() Version {
 	return v.vers
 }

-// SignatureAlgorithm returns the algorithm used to produce corresponding
+// Discriminator returns the algorithm used to produce corresponding
 // signature.
-func (v varsig[_]) SignatureAlgorithm() SignAlgorithm {
-	return v.signAlg
+func (v varsig[_]) Discriminator() Discriminator {
+	return v.disc
 }

 // PayloadEncoding returns the codec that was used to encode the signed
@@ -95,7 +90,7 @@ func (v *varsig[_]) encode() []byte {
 		buf = binary.AppendUvarint(buf, uint64(Version1))
 	}

-	buf = binary.AppendUvarint(buf, uint64(v.signAlg))
+	buf = binary.AppendUvarint(buf, uint64(v.disc))

 	return buf
 }
--- a/varsig_test.go
+++ b/varsig_test.go
@@ -66,7 +66,7 @@ func TestDecode(t *testing.T) {
 		require.NoError(t, err)

 		vs, err := varsig.Decode(data)
-		require.ErrorIs(t, err, varsig.ErrUnknownSignAlgorithm)
+		require.ErrorIs(t, err, varsig.ErrUnknownDiscriminator)
 		assert.Nil(t, vs)
 	})

@@ -77,7 +77,7 @@ func TestDecode(t *testing.T) {
 		require.NoError(t, err)

 		vs, err := varsig.Decode(data)
-		require.ErrorIs(t, err, varsig.ErrUnknownSignAlgorithm)
+		require.ErrorIs(t, err, varsig.ErrUnknownDiscriminator)
 		assert.Nil(t, vs)
 	})

@@ -180,7 +180,7 @@ func roundTrip[T varsig.Varsig](t *testing.T, in T, expEncHex string) T {
 	}

 	assert.Equal(t, in.Version(), out.Version())
-	assert.Equal(t, in.SignatureAlgorithm(), out.SignatureAlgorithm())
+	assert.Equal(t, in.Discriminator(), out.Discriminator())
 	assert.Equal(t, in.PayloadEncoding(), out.PayloadEncoding())
 	assert.Equal(t, in.Signature(), out.Signature())