git.stella-ops.org/ops/crypto/sim-crypto-service
StellaOps Bot 6e45066e37

Sim Crypto Service · 2025-12-11

Minimal HTTP service to simulate sovereign crypto providers when licensed hardware or certified modules are unavailable.

Endpoints

  • POST /sign — body: {"message":"<string>","algorithm":"<id>"}; returns {"signature_b64":"...","algorithm":"<id>"}.
  • POST /verify — body: {"message":"<string>","algorithm":"<id>","signature_b64":"..."}; returns {"ok":true/false,"algorithm":"<id>"}.
  • GET /keys — returns public key info for simulated providers.

Supported simulated provider IDs

  • GOST: GOST12-256, GOST12-512, ru.magma.sim, ru.kuznyechik.sim — deterministic HMAC-SHA256.
  • SM: SM2, sm.sim, sm2.sim — deterministic HMAC-SHA256.
  • PQ: DILITHIUM3, FALCON512, pq.sim — deterministic HMAC-SHA256.
  • FIPS/eIDAS/KCMVP/world: ES256, ES384, ES512, fips.sim, eidas.sim, kcmvp.sim, world.sim — ECDSA P-256 with a static key.

Build & run

dotnet run -c Release --project ops/crypto/sim-crypto-service/SimCryptoService.csproj
# or
docker build -t sim-crypto -f ops/crypto/sim-crypto-service/Dockerfile ops/crypto/sim-crypto-service
docker run --rm -p 8080:8080 sim-crypto

Wiring

  • Set STELLAOPS_CRYPTO_ENABLE_SIM=1 to append sim.crypto.remote to the registry preference order.
  • Point the provider at the service: STELLAOPS_CRYPTO_SIM_URL=http://localhost:8080 (or bind StellaOps:Crypto:Sim:BaseAddress in config).
  • SimRemoteProviderOptions.Algorithms already includes the IDs above; extend if you need extra aliases.

Notes

  • Replaces the legacy SM-only simulator; use this unified service for SM, PQ, GOST, and FIPS/eIDAS/KCMVP placeholders.
  • Deterministic HMAC for SM/PQ/GOST; static ECDSA key for the rest. Not for production use.
  • No licensed binaries are shipped; everything is BCL-only.
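
A model of the /sign and /verify contract for the HMAC-backed IDs, added here as an example; it is not the service's own code. The key (SIM_KEY) and the mixing of the algorithm ID into the MAC input are assumptions of this sketch, since the page does not say how the service keys its HMAC. It shows why these values are placeholders: the output is deterministic, and verification is a recomputation with the same secret, so any holder of the key can also sign.

```python
import base64
import hashlib
import hmac

# Provider IDs copied from the README's "Supported simulated provider IDs" list.
HMAC_IDS = {"GOST12-256", "GOST12-512", "ru.magma.sim", "ru.kuznyechik.sim",
            "SM2", "sm.sim", "sm2.sim", "DILITHIUM3", "FALCON512", "pq.sim"}
ECDSA_IDS = {"ES256", "ES384", "ES512", "fips.sim", "eidas.sim",
             "kcmvp.sim", "world.sim"}

# Assumption: constructed key; the page does not say how the service keys its HMAC.
SIM_KEY = b"constructed-sim-key-not-from-the-project"


def backend_for(algorithm: str) -> str:
    """Map a provider ID to the primitive the README says backs it."""
    if algorithm in HMAC_IDS:
        return "hmac-sha256"
    if algorithm in ECDSA_IDS:
        return "ecdsa-p256-static-key"
    raise ValueError(f"unsupported algorithm: {algorithm!r}")


def _mac(message: str, algorithm: str) -> bytes:
    # Assumption of this sketch: the algorithm ID is mixed into the MAC input
    # so a tag issued under one ID does not verify under another.
    data = algorithm.encode() + b"\x00" + message.encode("utf-8")
    return hmac.new(SIM_KEY, data, hashlib.sha256).digest()


def sign(req: dict) -> dict:
    """Model of POST /sign for the HMAC-backed IDs."""
    if backend_for(req["algorithm"]) != "hmac-sha256":
        raise NotImplementedError("ECDSA-backed IDs are outside this sketch")
    tag = _mac(req["message"], req["algorithm"])
    return {"signature_b64": base64.b64encode(tag).decode("ascii"),
            "algorithm": req["algorithm"]}


def verify(req: dict) -> dict:
    """Model of POST /verify: recompute the tag and compare in constant time."""
    if backend_for(req["algorithm"]) != "hmac-sha256":
        raise NotImplementedError("ECDSA-backed IDs are outside this sketch")
    try:
        given = base64.b64decode(req["signature_b64"], validate=True)
    except ValueError:
        return {"ok": False, "algorithm": req["algorithm"]}
    ok = hmac.compare_digest(given, _mac(req["message"], req["algorithm"]))
    return {"ok": ok, "algorithm": req["algorithm"]}
```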