git.stella-ops.org/docs/features/checked/attestor/enhanced-rekor-proof-persistence.md
2026-02-14 09:11:48 +02:00

Enhanced Rekor Proof Persistence

Module

Attestor

Status

VERIFIED

Description

Enhanced Rekor proof persistence stores checkpoint signatures, checkpoint notes, entry body hashes, and verification timestamps, so that entries can be verified completely offline, without Rekor connectivity.

Implementation Details

  • Rekor Entry Entity: src/Attestor/__Libraries/StellaOps.Attestor.Persistence/Entities/RekorEntryEntity.cs -- database entity storing Rekor entries with inclusion proofs, checkpoint data, and verification timestamps.
  • DSSE Envelope Entity: Entities/DsseEnvelopeEntity.cs -- persists signed DSSE envelopes associated with Rekor entries.
  • Spine Entity: Entities/SpineEntity.cs -- persists proof spine data.
  • Trust Anchor Entity: Entities/TrustAnchorEntity.cs -- stores trust anchor data for offline verification.
  • Proof Chain DB Context: ProofChainDbContext.cs -- EF Core DbContext for proof chain persistence.
  • Repositories: Repositories/IProofChainRepository.cs -- repository interface; IVerdictLedgerRepository.cs -- verdict ledger repository.
  • Trust Anchor Matcher: Services/TrustAnchorMatcher.cs -- matches entries against persisted trust anchors.
  • Rekor Checkpoint Store: src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Storage/Rekor/PostgresRekorCheckpointStore.cs -- PostgreSQL checkpoint persistence.
  • Offline Receipt Verifier: StellaOps.Attestor.Core/Verification/RekorOfflineReceiptVerifier.cs -- verifies receipts using persisted data.
  • Tests: __Tests/StellaOps.Attestor.Persistence.Tests/ProofChainDbContextTests.cs, TrustAnchorMatcherTests.cs

E2E Test Plan

  • Persist a Rekor entry with inclusion proof and checkpoint via RekorEntryEntity and retrieve it, verifying all fields
  • Persist a DSSE envelope via DsseEnvelopeEntity and verify association with its Rekor entry
  • Store a trust anchor via TrustAnchorEntity and verify TrustAnchorMatcher can match entries against it
  • Store checkpoint signatures via PostgresRekorCheckpointStore and retrieve them for offline verification
  • Verify a Rekor receipt offline using RekorOfflineReceiptVerifier with only persisted data (no network)
  • Persist a spine entity and verify it links to its constituent proof entries
  • Verify ProofChainDbContext migrations create correct schema with all required tables and indexes
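
The offline receipt check in the plan above comes down to recomputing the Merkle root from the persisted entry body, log index, tree size and proof hashes, then comparing it with the root in the persisted checkpoint. The following is an added example, not StellaOps code: it uses RFC 6962 hashing and the RFC 9162 inclusion-proof algorithm, the record field names and sample log are constructed, and it assumes the checkpoint root was already authenticated by checking the stored checkpoint signature against a trust anchor.

```python
import hashlib, hmac

def leaf_hash(body: bytes) -> bytes:                  # RFC 6962 leaf: SHA-256(0x00 || body)
    return hashlib.sha256(b"\x00" + body).digest()

def node_hash(left: bytes, right: bytes) -> bytes:    # interior: SHA-256(0x01 || left || right)
    return hashlib.sha256(b"\x01" + left + right).digest()

def root_from_proof(leaf, index, tree_size, proof):   # RFC 9162 section 2.1.3.2
    if not 0 <= index < tree_size:
        return None                                   # log index outside the tree
    fn, sn, r = index, tree_size - 1, leaf
    for p in proof:
        if sn == 0:
            return None                               # proof longer than the tree depth
        if fn & 1 or fn == sn:
            r = node_hash(p, r)                       # sibling is on the left
            while fn and not fn & 1:                  # rightmost node carried up unpaired
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)                       # sibling is on the right
        fn, sn = fn >> 1, sn >> 1
    return r if sn == 0 else None                     # None: proof shorter than the depth

def verify_offline(rec: dict) -> bool:                # no network access needed
    root = root_from_proof(leaf_hash(rec["body"]), rec["log_index"],
                           rec["tree_size"], rec["proof_hashes"])
    return root is not None and hmac.compare_digest(root, rec["checkpoint_root"])

# --- constructed sample data: a small log built locally, not real Rekor output ---
def tree_root(h):
    if len(h) == 1:
        return h[0]
    k = 1 << ((len(h) - 1).bit_length() - 1)          # largest power of two below len(h)
    return node_hash(tree_root(h[:k]), tree_root(h[k:]))

def audit_path(m, h):
    if len(h) == 1:
        return []
    k = 1 << ((len(h) - 1).bit_length() - 1)
    if m < k:
        return audit_path(m, h[:k]) + [tree_root(h[k:])]
    return audit_path(m - k, h[k:]) + [tree_root(h[:k])]

def sample_record(bodies, index):                     # field names are hypothetical
    h = [leaf_hash(b) for b in bodies]
    return {"body": bodies[index], "log_index": index, "tree_size": len(h),
            "proof_hashes": audit_path(index, h), "checkpoint_root": tree_root(h)}
```

A proof for one index can recompute the same root under more than one claimed tree size, so the tree size used must be the one bound into the signed checkpoint, not a value stored separately from it.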

Verification

| Check | Result |
|---|---|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |