baseid_crypto/lib.rs
1//! # baseid-crypto
2//!
3//! Cryptographic primitives and key management for BaseID.
4//!
5//! This crate provides:
6//! - Key generation for Ed25519, P-256, P-384, and secp256k1
7//! - Signing and verification via the [`Signer`] and [`Verifier`] traits
8//! - Key serialization (JWK, Multikey)
9//! - Key storage abstraction via the `KeyStore` trait (planned)
10//!
11//! ## Cryptographic Agility
12//!
13//! All operations go through traits, not hardcoded algorithms. This enables
14//! future migration to post-quantum algorithms (ML-DSA) when standardized.
15//!
16//! ## Security
17//!
18//! - All secret key types implement `zeroize::Zeroize` for secure memory cleanup
19//! - No `unsafe` blocks without documented justification
20//! - Key material never exposed in `Debug` output
21
22pub mod jwk;
23pub mod jwt;
24pub mod key;
25pub mod multikey;
26pub mod signer;
27
28pub use jwk::Jwk;
29pub use jwt::{alg_to_str, decode_jwt, decode_jwt_unverified, encode_jwt, str_to_alg, JwtHeader};
30pub use key::{KeyPair, PublicKey};
31pub use signer::{MultiMessageSigner, ProofDeriver, ProofVerifier, Signer, Verifier};