stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e716bc6adca8d1a3ac5a24ad491e5fa99e31cf1c
git.stella-ops.org/docs/features/unchecked/airgap/deterministic-rekor-receipts-with-offline-verification.md

1.6 KiB
Raw Blame History

Deterministic Rekor Receipts with Offline Verification

Module

AirGap

Status

IMPLEMENTED

Description

Offline Rekor receipt verifier validates checkpoint signatures (ECDSA/Ed25519), Merkle inclusion proofs per RFC 6962, and root hash consistency without live transparency log access. Includes TileProxy for local tile-based transparency log proxy, and mirror snapshot resolution for air-gapped deployments.

Implementation Details

  • Rekor proof builder: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.Build.cs, EnhancedRekorProofBuilder.Validate.cs, EnhancedRekorProofBuilder.cs
  • Rekor inclusion proof: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/RekorInclusionProof.cs
  • Rekor verification step: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs
  • Replay verification: src/AirGap/StellaOps.AirGap.Controller/Services/ReplayVerificationService.cs
  • Importer replay: src/AirGap/StellaOps.AirGap.Importer/Contracts/ReplayVerificationRequest.cs, ReplayDepth.cs
  • Merkle proofs: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Merkle/DeterministicMerkleTreeBuilder.Proof.cs, MerkleProof.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify Rekor receipt offline verification validates checkpoint signatures (ECDSA/Ed25519)
  • Test Merkle inclusion proof verification per RFC 6962
  • Test root hash consistency verification without live transparency log
  • Verify replay verification service works in air-gapped mode