Sim Crypto Service · 2025-12-11
Minimal HTTP service to simulate sovereign crypto providers when licensed hardware or certified modules are unavailable.
Endpoints
- POST /sign — body: {"message":"<string>","algorithm":"<id>"}; returns {"signature_b64":"...","algorithm":"<id>"}.
- POST /verify — body: {"message":"<string>","algorithm":"<id>","signature_b64":"..."}; returns {"ok":true/false,"algorithm":"<id>"}.
- GET /keys — returns public key info for simulated providers.
Supported simulated provider IDs
- GOST: GOST12-256, GOST12-512, ru.magma.sim, ru.kuznyechik.sim — deterministic HMAC-SHA256.
- SM: SM2, sm.sim, sm2.sim — deterministic HMAC-SHA256.
- PQ: DILITHIUM3, FALCON512, pq.sim — deterministic HMAC-SHA256.
- FIPS/eIDAS/KCMVP/world: ES256, ES384, ES512, fips.sim, eidas.sim, kcmvp.sim, world.sim — ECDSA P-256 with a static key.
Build & run
dotnet run -c Release --project ops/crypto/sim-crypto-service/SimCryptoService.csproj
# or
docker build -t sim-crypto -f ops/crypto/sim-crypto-service/Dockerfile ops/crypto/sim-crypto-service
docker run --rm -p 8080:8080 sim-crypto
Wiring
- Set STELLAOPS_CRYPTO_ENABLE_SIM=1 to append sim.crypto.remote to the registry preference order.
- Point the provider at the service: STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080 (or bind StellaOps:Crypto:Sim:BaseAddress in config).
- SimRemoteProviderOptions.Algorithms already includes the IDs above; extend if you need extra aliases.
Notes
- Replaces the legacy SM-only simulator; use this unified service for SM, PQ, GOST, and FIPS/eIDAS/KCMVP placeholders.
- Deterministic HMAC for SM/PQ/GOST; static ECDSA key for the rest. Not for production use.
- No licensed binaries are shipped; everything is BCL-only.
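The following Python model of the /sign and /verify contract for the HMAC-backed IDs is an added example, not the service's own code. The secret, the way the algorithm ID is bound into the MAC input, and the function names are assumptions made for illustration; only the JSON field names and the provider IDs come from the list above.

```python
import base64
import hashlib
import hmac

# Constructed placeholder secret; the real service's key material is not shown on the page.
SIM_SECRET = b"constructed-demo-secret"

# Provider IDs the page lists as backed by deterministic HMAC-SHA256.
HMAC_IDS = {
    "GOST12-256", "GOST12-512", "ru.magma.sim", "ru.kuznyechik.sim",
    "SM2", "sm.sim", "sm2.sim",
    "DILITHIUM3", "FALCON512", "pq.sim",
}


def _tag(message: str, algorithm: str) -> bytes:
    if algorithm not in HMAC_IDS:
        raise ValueError(f"not an HMAC-backed simulated ID: {algorithm}")
    # Assumption: the algorithm ID is bound into the MAC input so tags differ per ID.
    data = algorithm.encode() + b"\x00" + message.encode()
    return hmac.new(SIM_SECRET, data, hashlib.sha256).digest()


def sign(req: dict) -> dict:
    """Model of POST /sign: the same request always yields the same signature_b64."""
    tag = _tag(req["message"], req["algorithm"])
    return {"signature_b64": base64.b64encode(tag).decode(), "algorithm": req["algorithm"]}


def verify(req: dict) -> dict:
    """Model of POST /verify: recompute the tag and compare in constant time."""
    try:
        supplied = base64.b64decode(req["signature_b64"], validate=True)
    except (ValueError, TypeError):
        return {"ok": False, "algorithm": req["algorithm"]}
    ok = hmac.compare_digest(supplied, _tag(req["message"], req["algorithm"]))
    return {"ok": ok, "algorithm": req["algorithm"]}


if __name__ == "__main__":
    req = {"message": "sbom-digest", "algorithm": "DILITHIUM3"}  # constructed sample
    signed = sign(req)
    print(signed)                                    # 32-byte tag, base64-encoded
    print(verify({**req, **signed}))                 # ok: True
    print(verify({**req, **signed, "message": "x"})) # ok: False
```

Because verification recomputes the tag with the same secret, any party able to verify can also produce valid tags, and every HMAC-backed ID in this model yields a 32-byte value regardless of the algorithm name. Tests that depend on real signature sizes or on verification against a public key will not behave the same against the simulator.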