Expand description
§auths-verifier
Attestation verification library for Auths.
This crate provides signature and chain verification without requiring access to private keys or platform keychains. It’s designed to be:
- Lightweight — minimal dependencies
- Cross-platform — works on any target including WASM
- FFI-friendly — C-compatible interface available
§Quick Start
ⓘ
use auths_verifier::{verify_chain, VerificationStatus};
let report = verify_chain(&attestations)?;
match report.status {
VerificationStatus::Valid => println!("Chain verified!"),
VerificationStatus::Expired { at } => println!("Expired at {}", at),
VerificationStatus::InvalidSignature { step } => {
println!("Bad signature at step {}", step);
}
_ => println!("Verification failed"),
}§Authority via Credentials
The verifier checks authenticity only — signatures, chain linkage, expiry,
and witness quorum. Capability/role authority is no longer read from the
attestation; it flows exclusively through a holder-verified ACDC credential
presentation (see auths_id::policy::context_from_credential).
§Feature Flags
wasm— Enable WASM bindings via wasm-bindgen
Re-exports§
pub use types::AssuranceLevel;pub use types::AssuranceLevelParseError;pub use types::CanonicalDid;pub use types::ChainLink;pub use types::DidConversionError;pub use types::DidParseError;pub use types::IdentityDID;pub use types::VerificationReport;pub use types::VerificationStatus;pub use types::signer_hex_to_did;pub use types::validate_did;pub use action::ActionEnvelope;pub use core::ATTESTATION_VERSION;pub use core::Attestation;pub use core::CommitOid;pub use core::CommitOidError;pub use core::DevicePublicKey;pub use core::EcdsaP256Error;pub use core::EcdsaP256PublicKey;pub use core::EcdsaP256Signature;pub use core::Ed25519KeyError;pub use core::Ed25519PublicKey;pub use core::Ed25519Signature;pub use core::IdentityBundle;pub use core::InvalidKeyError;pub use core::MAX_ATTESTATION_JSON_SIZE;pub use core::MAX_JSON_BATCH_SIZE;pub use core::OidcBinding;pub use core::PolicyId;pub use core::PublicKeyDecodeError;pub use core::PublicKeyHex;pub use core::PublicKeyHexError;pub use core::ResourceId;pub use core::Role;pub use core::RoleParseError;pub use core::SignatureAlgorithm;pub use core::SignatureLengthError;pub use core::SignatureVerifyError;pub use core::ThresholdPolicy;pub use core::TypedSignature;pub use core::VerifiedAttestation;pub use core::decode_public_key_bytes;pub use core::decode_public_key_hex;pub use commit_error::CommitVerificationError;pub use error::AttestationError;pub use verifier::Verifier;pub use verify::verify_at_time;pub use verify::verify_chain;pub use verify::verify_chain_with_witnesses;pub use verify::verify_with_keys;pub use verify::DeviceLinkVerification;pub use verify::compute_attestation_seal_digest;pub use verify::is_device_listed;pub use verify::verify_device_link;pub use witness::WitnessQuorum;pub use witness::WitnessReceiptResult;pub use witness::WitnessVerifyConfig;pub use commit::VerifiedCommit;pub use commit_kel::ANCHOR_SEQ_TRAILER;pub use commit_kel::CommitVerdict;pub use commit_kel::SCOPE_TRAILER;pub use commit_kel::VerifierWitnessPolicy;pub use commit_kel::WitnessGateStatus;pub use commit_kel::WitnessedVerdict;pub use commit_kel::anchor_seq_trailer;pub use commit_kel::scope_trailer;pub use commit_kel::verify_commit_against_kel;pub use commit_kel::verify_commit_against_kel_scoped;pub use commit_kel::verify_commit_against_kel_witnessed;pub use ssh_sig::SshKeyType;pub use ssh_sig::SshSigEnvelope;pub use credential::CredentialVerdict;pub use credential::LifecycleEvent;pub use credential::SignedAcdc;pub use credential::verify_credential;pub use credential::verify_credential_sync;pub use presentation::PresentationBinding;pub use presentation::PresentationEnvelope;pub use presentation::PresentationVerdict;pub use presentation::verify_presentation;pub use presentation::verify_presentation_sync;pub use contract::SCHEMA_VERSION;pub use contract::verify_credential_json;pub use contract::verify_presentation_json;pub use clock::ClockProvider;pub use clock::SystemClock;
Modules§
- action
- Typed action envelope for signed actions.
- clock
- Clock provider abstraction for injectable time.
- commit
- Git commit SSH signature extraction and verification.
- commit_
error - Error types for commit signature verification.
- commit_
kel - KEL-native commit verdict — the heart of Epic B.
- contract
- The single cross-boundary verify contract (JSON request → tagged verdict). The single cross-boundary verify contract: one JSON request in, one tagged verdict out.
- core
- Core attestation types and canonical serialization.
- credential
- Pure ACDC credential verification — report facts, never resolve (Epic F.5).
- duplicity
- Detect diverging rotation events on a shared identity KEL.
- error
- Error types for attestation and verification operations.
- presentation
- Holder-binding + presentation verification — credentials are not bearer tokens (Epic F.8).
- ssh_sig
- SSHSIG envelope parsing for SSH signature verification.
- types
- Verification types: reports, statuses, and device DIDs.
- verifier
- Dependency-injected
Verifierfor attestation and chain verification. - verify
- Free-function verification API wrapping
crate::verifier::Verifier. - witness
- Witness receipt verification for the auths-verifier crate.
Structs§
- Capability
- A validated capability identifier.
- Hash256
- 32-byte hash digest (SHA-256, Blake3, or any content address).
- Keri
IcpEvent - Inception event — creates a new KERI identity.
- Keri
IxnEvent - Interaction event — anchors data without key rotation.
- Keri
RotEvent - Rotation event — rotates to pre-committed key.
- Keri
Type Error - Error when constructing KERI newtypes with invalid values.
- Prefix
- Strongly-typed KERI identifier prefix (e.g.,
"ETest123...","DKey456..."). - Said
- KERI Self-Addressing Identifier (SAID).
- Signed
Receipt - A receipt paired with its detached witness signature.
Enums§
- Capability
Error - Error type for capability parsing and validation.
- Keri
Event - Unified event enum for processing any KERI event type.
- Keri
Seal - KERI seal — anchors external data in an event’s
afield. - Validation
Error - Errors specific to KEL validation.
Traits§
- Auths
Error Info - Trait for error metadata providing structured error codes and actionable suggestions.
- Crypto
Provider - Curve-agnostic abstraction for cryptographic operations across target architectures.
Functions§
- compute_
said - Computes a spec-compliant SAID for a KERI event (
KERI10JSONprotocol tag). - find_
seal_ in_ kel - Search for a seal with the given digest in any IXN event in the KEL.
- parse_
kel_ json - Parse a KEL from a JSON string.