git.stella-ops.org/docs/modules/evidence-locker/crypto-provider-registry-prep.md
master d519782a8f
prep docs and service updates
2025-11-21 06:56:36 +00:00


Evidence Locker Crypto Registry Prep — PREP-EVID-CRYPTO-90-001

Status: Ready for implementation (2025-11-20)
Owners: Evidence Locker Guild · Security Guild
Scope: Document ICryptoProviderRegistry expectations for Evidence Locker hashing/signing (manifest digests, DSSE, bundle encryption) including sovereign profiles.

Requirements

  • Registry entries must expose: ProviderId, Algorithms (signing/hash), KeyUri, IsFips, IsPQReady, SupportsTimestamping.
  • Evidence Locker must select the provider via the config key EvidenceLocker:Crypto:ProviderId, with default stella-default.
  • DSSE signing for bundles uses the provider's signing key; hashing uses the provider's hash list in order (sha256 first, optional gost for the RU profile).
  • JWKS/keys: the provider is responsible for exporting its JWKS; Evidence Locker caches the JWKS via the configured KeyUri; the cache TTL is configurable.
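
A sketch of the selection and hashing rules listed above, added here as an illustration and not Evidence Locker code: it resolves the provider from the configured id with the stella-default fallback, fails closed on an unknown id, and hashes in the provider's listed order. CryptoProviderEntry, ProviderSelector, HashAlgorithms (a hash-only simplification of Algorithms), the sample entries and treating "sha256 first" as a check at selection time are assumptions.

```csharp
// Added sketch: CryptoProviderEntry, ProviderSelector and the sample entries are
// hypothetical, not the project's ICryptoProviderRegistry API.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Constructed registry content; KeyUri values are placeholders.
var registry = new[]
{
    new CryptoProviderEntry("stella-default", new[] { "sha256" }, "https://keys.example.invalid/default/jwks.json", true, false, true),
    new CryptoProviderEntry("ru-sample", new[] { "sha256", "gost" }, "https://keys.example.invalid/ru/jwks.json", false, false, true),
};
// Stands in for the value of EvidenceLocker:Crypto:ProviderId; null means unset.
string? configuredId = null;
var provider = ProviderSelector.Select(registry, configuredId);
foreach (var (alg, hex) in ProviderSelector.Digests(provider, Encoding.UTF8.GetBytes("constructed manifest")))
    Console.WriteLine($"{provider.ProviderId} {alg}:{hex}");

public sealed record CryptoProviderEntry(string ProviderId, IReadOnlyList<string> HashAlgorithms,
    string KeyUri, bool IsFips, bool IsPQReady, bool SupportsTimestamping);

public static class ProviderSelector
{
    public const string DefaultProviderId = "stella-default";
    // Hash implementations known to this sketch; the .NET BCL ships none for gost.
    private static readonly Dictionary<string, Func<byte[], byte[]>> Hashers = new()
    {
        ["sha256"] = data => SHA256.HashData(data),
    };

    public static CryptoProviderEntry Select(IEnumerable<CryptoProviderEntry> registry, string? configuredId)
    {
        var id = string.IsNullOrWhiteSpace(configuredId) ? DefaultProviderId : configuredId;
        // Fail closed: an unknown id is an error, never a silent fallback to another provider.
        var entry = registry.SingleOrDefault(e => e.ProviderId == id)
            ?? throw new InvalidOperationException($"Unknown crypto provider '{id}'");
        if (entry.HashAlgorithms.Count == 0 || entry.HashAlgorithms[0] != "sha256")
            throw new InvalidOperationException($"Provider '{id}' must list sha256 first");
        return entry;
    }
    public static IEnumerable<(string Alg, string Hex)> Digests(CryptoProviderEntry provider, byte[] data)
    {
        foreach (var alg in provider.HashAlgorithms)
            yield return Hashers.TryGetValue(alg, out var hash)
                ? (alg, Convert.ToHexString(hash(data)).ToLowerInvariant())
                : throw new NotSupportedException($"No hash implementation registered for '{alg}'");
    }
}
```

Setting configuredId to "ru-sample" makes Digests throw on gost, since the sketch refuses to skip a listed algorithm it cannot compute.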

Acceptance criteria

  • Prep doc published here; sprint task marked DONE.
  • Provider selection/config rules recorded; hashing/signing responsibilities clarified.