# Cryptography

**Status:** Implemented
**Source:** `src/Cryptography/`
**Owner:** Platform Team

## Purpose

Cryptography provides pluggable cryptographic primitives supporting regional standards (eIDAS, FIPS, GOST, SM, PQ). Enables sovereign operation with country-specific crypto requirements while maintaining deterministic signing operations.

## Components

**Libraries:**
- `StellaOps.Cryptography` - Core cryptographic abstractions and plugin loader
- `StellaOps.Cryptography.Profiles.Ecdsa` - ECDSA signing profile (NIST curves, secp256k1)
- `StellaOps.Cryptography.Profiles.EdDsa` - EdDSA signing profile (Ed25519, Ed448)

**Plugin Architecture:**
Additional profiles can be loaded for:
- GOST R 34.10-2012 (Russian Federation)
- SM2/SM3/SM4 (China)
- Post-quantum signatures (experimental)

## Configuration

Cryptographic profiles are configured through module-specific settings (Signer, Attestor, Authority).

Key features:
- Algorithm agility with deterministic output
- Offline key management support
- HSM/TPM integration capability
- Signature scheme negotiation

## Dependencies

- .NET Cryptography APIs
- Optional: Hardware Security Modules (HSM)
- Optional: CryptoPro CSP (for GOST support)

## Related Documentation

- Signer Module: `../signer/`
- Attestor Module: `../attestor/`
- Authority Module: `../authority/`
- Air-Gap Operations: `../../24_OFFLINE_KIT.md`

## Current Status

Core ECDSA and EdDSA profiles implemented. Plugin architecture supports future regional crypto extensions. Integrated with Signer and Attestor modules for deterministic signing operations.