ave_identity/lib.rs
1//! # Crypto Module
2//!
3//! A generic cryptographic module with algorithm identification via single-letter prefixes
4//! and secure key storage using encrypted memory.
5//!
6//! This module provides generic traits for hash functions and digital signatures,
7//! with each algorithm identified by a unique 1-byte (single letter) prefix.
8//!
9//! ## Design
10//!
11//! - Each algorithm has a 1-byte identifier (e.g., 'B' for Blake3)
12//! - The identifier is prepended to the output (hash or signature)
13//! - When parsing from Base64 strings, the first character identifies the algorithm
14//! - Generic traits allow easy addition of new algorithms
15//! - Private keys are stored encrypted in memory using `memsecurity` crate
16//!
17//! ## Security Features
18//!
19//! - **Encrypted storage**: Private keys are encrypted using ASCON AEAD
20//! - **Automatic zeroization**: Memory is cleared when keys are dropped
21//! - **Memory locking**: Keys are locked in RAM (mlock) to prevent swap
22//! - **Temporary decryption**: Keys are only decrypted during signing operations
23//!
24//! ## Currently Supported Algorithms
25//!
26//! - **Hash**: Blake3 (32 bytes) with identifier 'B'
27//! - **Signature**: Ed25519 with identifier 'E'
28//!
29//! ## Modules
30//!
31//! - [`hash`]: Hash functions with algorithm identification
32//! - [`keys`]: Digital signature algorithms and key management
33//! - [`signature`]: High-level signature structures with metadata
34//! - [`timestamp`]: Timestamp utilities for signatures
35//! - [`error`]: Error types for cryptographic operations
36
37mod common;
38pub mod error;
39pub mod hash;
40pub mod keys;
41pub mod signature;
42pub mod timestamp;
43
44pub use error::CryptoError;
45pub use hash::{
46 BLAKE3_HASHER, Blake3Hasher, DigestIdentifier, Hash, HashAlgorithm,
47 hash_borsh,
48};
49pub use keys::{
50 DSA, DSAlgorithm, KeyPair, KeyPairAlgorithm, PublicKey, SignatureIdentifier,
51};
52pub use signature::{Signature, Signed};
53pub use timestamp::TimeStamp;