Expand description
§Crypto Module
A generic cryptographic module with algorithm identification via single-letter prefixes and secure key storage using encrypted memory.
This module provides generic traits for hash functions and digital signatures, with each algorithm identified by a unique 1-byte (single letter) prefix.
§Design
- Each algorithm has a 1-byte identifier (e.g., ‘B’ for Blake3)
- The identifier is prepended to the output (hash or signature)
- When parsing from Base64 strings, the first character identifies the algorithm
- Generic traits allow easy addition of new algorithms
- Private keys are stored encrypted in memory using
memsecuritycrate
§Security Features
- Encrypted storage: Private keys are encrypted using ASCON AEAD
- Automatic zeroization: Memory is cleared when keys are dropped
- Memory locking: Keys are locked in RAM (mlock) to prevent swap
- Temporary decryption: Keys are only decrypted during signing operations
§Currently Supported Algorithms
- Hash: Blake3 (32 bytes) with identifier ‘B’
- Signature: Ed25519 with identifier ‘E’
§Modules
Re-exports§
pub use error::CryptoError;pub use hash::BLAKE3_HASHER;pub use hash::Blake3Hasher;pub use hash::DigestIdentifier;pub use hash::Hash;pub use hash::HashAlgorithm;pub use hash::hash_borsh;pub use keys::DSA;pub use keys::DSAlgorithm;pub use keys::KeyPair;pub use keys::KeyPairAlgorithm;pub use keys::PublicKey;pub use keys::SignatureIdentifier;pub use signature::Signature;pub use signature::Signed;pub use timestamp::TimeStamp;