Initial commit (history squashed)

src/StellaOps.Cryptography/CryptoProvider.cs

@@ -0,0 +1,44 @@
+using System.Collections.Generic;
+
+namespace StellaOps.Cryptography;
+
+/// <summary>
+/// High-level cryptographic capabilities supported by StellaOps providers.
+/// </summary>
+public enum CryptoCapability
+{
+    PasswordHashing,
+    Signing,
+    Verification,
+    SymmetricEncryption,
+    KeyDerivation
+}
+
+/// <summary>
+/// Identifies a stored key or certificate handle.
+/// </summary>
+public sealed record CryptoKeyReference(string KeyId, string? ProviderHint = null);
+
+/// <summary>
+/// Contract implemented by crypto providers (BCL, CryptoPro, OpenSSL, etc.).
+/// </summary>
+public interface ICryptoProvider
+{
+    string Name { get; }
+
+    bool Supports(CryptoCapability capability, string algorithmId);
+
+    IPasswordHasher GetPasswordHasher(string algorithmId);
+}
+
+/// <summary>
+/// Registry managing provider discovery and policy selection.
+/// </summary>
+public interface ICryptoProviderRegistry
+{
+    IReadOnlyCollection<ICryptoProvider> Providers { get; }
+
+    bool TryResolve(string preferredProvider, out ICryptoProvider provider);
+
+    ICryptoProvider ResolveOrThrow(CryptoCapability capability, string algorithmId);
+}