baseid-crypto

The cryptography crate providing key management and signing operations for all BaseID crates.

Installation

[dependencies]
baseid-crypto = "0.1.0-alpha.1"

Key Generation

use baseid_core::types::KeyType;
use baseid_crypto::KeyPair;

// Ed25519 (default, recommended)
let kp = KeyPair::generate(KeyType::Ed25519)?;

// NIST P-256
let kp = KeyPair::generate(KeyType::P256)?;

// NIST P-384
let kp = KeyPair::generate(KeyType::P384)?;

// secp256k1
let kp = KeyPair::generate(KeyType::Secp256k1)?;

Signing and Verification

let message = b"hello world";

// Sign
let signature = kp.sign(message)?;

// Verify
kp.public.verify(message, &signature)?;

Key Serialization

// Export to JWK
let jwk = kp.to_jwk()?;

// Import from JWK
let kp = KeyPair::from_jwk(&jwk)?;

// Export public key only
let public_jwk = kp.public.to_jwk()?;

Supported Algorithms

Key Type	Signing Algorithm	JWT alg
Ed25519	EdDSA	EdDSA
P-256	ECDSA	ES256
P-384	ECDSA	ES384
Secp256k1	ECDSA	ES256K

Security Notes

• All private keys are zeroized on drop
• No software RNG — uses the OS-provided CSPRNG
• Backend: aws-lc-rs (FIPS-capable)

Full API Reference