# ICryptoProviderRegistry Prep — PREP-EVID-CRYPTO-90-001 (Draft)

Status: Draft (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Capture requirements for crypto provider registry readiness to support sovereign/region-specific profiles.

## Required capabilities
- Registry interface to resolve crypto providers by profile ID (e.g., `default`, `ru-offline`, `fips140`, `eidass`).
- Provider metadata: `{algorithms[], key_formats[], offline_supported, hsm_supported, oq_ready}`.
- Deterministic selection rules: prefer tenant-scoped overrides, fall back to platform defaults; no network fetch.

## Integration points
- Evidence Locker signing pipeline to request provider by profile when sealing bundles.
- Replay validation to know which algorithms/hashes are acceptable for DSSE verification.

## Dependencies
- Final list of sovereign profiles from Security Guild.
- Key storage/backing (KMS/HSM) availability per profile.

## Handoff
Use this as the prep artefact for PREP-EVID-CRYPTO-90-001; update once profile list and key storage rules are confirmed.