# StellaOps Cryptography Configuration - International Profile # This configuration enables all standard cryptographic algorithms without regional restrictions. # Use this profile for international deployments or development/testing environments. StellaOps: Crypto: Plugins: # Path to the plugin manifest JSON file ManifestPath: "/etc/stellaops/crypto-plugins-manifest.json" # Discovery mode: "explicit" (only load configured plugins) or "auto" (load all compatible) # Production deployments should use "explicit" for security DiscoveryMode: "explicit" # List of enabled plugins with optional priority and configuration overrides Enabled: - Id: "default" Priority: 100 Options: {} - Id: "libsodium" Priority: 90 Options: {} - Id: "bouncycastle.ed25519" Priority: 85 Options: {} # Post-quantum cryptography (experimental) - Id: "pq.soft" Priority: 60 Options: {} # Explicitly disabled plugins Disabled: [] # Fail application startup if a configured plugin cannot be loaded FailOnMissingPlugin: true # Require at least one crypto provider to be successfully loaded RequireAtLeastOne: true Compliance: # Compliance profile identifier ProfileId: "world" # Enable strict validation (reject algorithms not compliant with profile) StrictValidation: false # Enforce jurisdiction filtering (only load plugins for specified jurisdictions) EnforceJurisdiction: false # Allowed jurisdictions (empty = all allowed) AllowedJurisdictions: [] # Canonical algorithm preferences by purpose HashAlgorithm: "SHA-256" SignatureAlgorithm: "ES256" # Enable algorithm downgrade warnings WarnOnWeakAlgorithms: true # Optional: Override default provider preferences # Crypto: # Registry: # PreferredProviders: # - "default" # - "libsodium" # - "bouncycastle.ed25519"