// Licensed to StellaOps under the AGPL-3.0-or-later license.
namespace StellaOps.ReachGraph.Signing;
/// <summary>
/// Key store abstraction for ReachGraph signing operations.
/// Wraps the underlying cryptographic key management (Attestor, Signer module, etc.).
/// </summary>
public interface IReachGraphKeyStore
{
// NOTE(review): every member below is declared with the non-generic Task, yet the
// documentation describes returned values (signature bytes, booleans). A generic type
// argument may have been lost from this listing; confirm against the repository.
// NOTE(review): the interface does not say how an unknown or unavailable keyId is reported
// (exception vs. a false/empty result); implementations should document this.

/// <summary>
/// Sign data with the specified key.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="data">The data to sign (typically PAE-encoded).</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>The signature bytes.</returns>
Task SignAsync(string keyId, byte[] data, CancellationToken cancellationToken = default);
/// <summary>
/// Verify a signature with the specified key.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="data">The data that was signed.</param>
/// <param name="signature">The signature to verify.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>True if signature is valid, false otherwise.</returns>
// Callers should fail closed: only an explicit "true" result means the data is authentic.
// NOTE(review): nothing here restricts which keyId may be used. If the caller takes keyId
// from the artifact being verified, it presumably has to check that id against an expected
// set of trusted keys before relying on the result; confirm where that check lives.
Task VerifyAsync(string keyId, byte[] data, byte[] signature, CancellationToken cancellationToken = default);
/// <summary>
/// Check if a key exists and is available for signing.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>True if key exists and can sign, false otherwise.</returns>
// The answer is a point-in-time check; this interface does not tie it to a later SignAsync
// call, so callers still need to handle a SignAsync failure after a "true" result.
Task CanSignAsync(string keyId, CancellationToken cancellationToken = default);
/// <summary>
/// Check if a key exists and is available for verification.
/// </summary>
/// <param name="keyId">The key identifier.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>True if key exists and can verify, false otherwise.</returns>
// A "false" result means verification cannot be performed with this key; it says nothing
// about whether any particular signature is valid.
Task CanVerifyAsync(string keyId, CancellationToken cancellationToken = default);
}