git.stella-ops.org/docs/modules/evidence-locker/crypto-provider-registry-prep.md
master d519782a8f
prep docs and service updates
2025-11-21 06:56:36 +00:00
# Evidence Locker Crypto Registry Prep — PREP-EVID-CRYPTO-90-001

- Status: **Ready for implementation** (2025-11-20)
- Owners: Evidence Locker Guild · Security Guild
- Scope: Document `ICryptoProviderRegistry` expectations for Evidence Locker hashing/signing (manifest digests, DSSE, bundle encryption) including sovereign profiles.

## Requirements

- Registry entries must expose: `ProviderId`, `Algorithms` (signing/hash), `KeyUri`, `IsFips`, `IsPQReady`, `SupportsTimestamping`.
- Evidence Locker must select the provider via the config key `EvidenceLocker:Crypto:ProviderId`, which defaults to `stella-default`.
- DSSE signing for bundles uses the provider's signing key; hashing uses the provider's hash list in order (sha256 first, optional gost for the RU profile).
- JWKS/keys: the provider is responsible for exporting JWKS; Evidence Locker caches JWKS via the configured `KeyUri`; the cache TTL is configurable.
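
The selection and hash-ordering rules above, as an added C# sketch that is not Stella Ops code. The `CryptoProviderEntry` record, the `EvidenceCrypto` helpers, the fail-closed handling of an unknown provider id, and all sample values (`ES256`, the `example.invalid` key URI, the manifest bytes) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed sample registry and hashers; hypothetical types, not the project's ICryptoProviderRegistry.
var registry = new Dictionary<string, CryptoProviderEntry>
{
    ["stella-default"] = new("stella-default", new[] { "ES256" }, new[] { "sha256" },
        new Uri("https://keys.example.invalid/jwks.json"), IsFips: false, IsPQReady: false, SupportsTimestamping: true),
};
var hashers = new Dictionary<string, Func<byte[], byte[]>> { ["sha256"] = d => SHA256.HashData(d) };
// null stands for an unset EvidenceLocker:Crypto:ProviderId, so the default provider is used.
var provider = EvidenceCrypto.Select(registry, null);
foreach (var (alg, hex) in EvidenceCrypto.Digest(provider, Encoding.UTF8.GetBytes("{\"sample\":true}"), hashers))
    Console.WriteLine($"{alg}:{hex}");

// Fields mirror the registry entry requirements; Algorithms is split into signing and hash lists.
public sealed record CryptoProviderEntry(
    string ProviderId, IReadOnlyList<string> SigningAlgorithms, IReadOnlyList<string> HashAlgorithms,
    Uri KeyUri, bool IsFips, bool IsPQReady, bool SupportsTimestamping);

public static class EvidenceCrypto
{
    public const string DefaultProviderId = "stella-default";
    // Resolve the configured provider; an unknown id or a hash list not led by sha256 is rejected (assumed policy).
    public static CryptoProviderEntry Select(
        IReadOnlyDictionary<string, CryptoProviderEntry> registry, string? configuredId)
    {
        var id = string.IsNullOrWhiteSpace(configuredId) ? DefaultProviderId : configuredId;
        if (!registry.TryGetValue(id, out var entry))
            throw new InvalidOperationException($"Crypto provider '{id}' is not registered.");
        if (entry.HashAlgorithms.Count == 0 || entry.HashAlgorithms[0] != "sha256")
            throw new InvalidOperationException($"Provider '{id}' must list sha256 first.");
        return entry;
    }
    // Compute one digest per algorithm, preserving the provider's declared order.
    public static IReadOnlyList<(string Algorithm, string Hex)> Digest(
        CryptoProviderEntry provider, byte[] manifest, IReadOnlyDictionary<string, Func<byte[], byte[]>> hashers)
    {
        var result = new List<(string Algorithm, string Hex)>();
        foreach (var alg in provider.HashAlgorithms)
        {
            if (!hashers.TryGetValue(alg, out var hash))
                throw new NotSupportedException($"No hash implementation registered for '{alg}'.");
            result.Add((alg, Convert.ToHexString(hash(manifest)).ToLowerInvariant()));
        }
        return result;
    }
}
```
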

## Acceptance criteria

- Prep doc published here; sprint task marked DONE.
- Provider selection/config rules recorded; hashing/signing responsibilities clarified.