Crate claw_crypto

Cryptographic helpers for Claw VCS capsules and agent identities.

This crate provides Ed25519 signing, capsule signature verification, XChaCha20-Poly1305 private-field encryption, and key derivation helpers. It does not decide policy trust; callers must still decide which keys and evidence are acceptable.

Example

```rust
use claw_core::hash::content_hash;
use claw_core::object::TypeTag;
use claw_core::types::{CapsulePublic, Evidence};
use claw_crypto::capsule::{build_capsule, verify_capsule};
use claw_crypto::keypair::KeyPair;

// `?` needs a fallible enclosing function; `Box<dyn Error>` assumes the
// crates' error types implement `std::error::Error`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Fixed key bytes keep the example deterministic; they are not real key material.
    let keypair = KeyPair::from_bytes(&[7; 32])?;
    let revision_id = content_hash(TypeTag::Revision, b"revision payload");
    let encryption_key = [42; 32];

    // Public fields travel with the capsule and are readable by anyone holding it.
    let public_fields = CapsulePublic {
        agent_id: "agent-1".to_string(),
        agent_version: Some("1.0.0".to_string()),
        toolchain_digest: None,
        env_fingerprint: None,
        evidence: vec![Evidence {
            name: "unit-tests".to_string(),
            status: "pass".to_string(),
            duration_ms: 120,
            artifact_refs: vec![],
            summary: None,
            revision_id: Some(revision_id),
            command: Some("cargo test".to_string()),
            exit_code: Some(0),
            started_at_ms: Some(1_000),
            ended_at_ms: Some(1_100),
            environment_digest: Some("sha256:env".to_string()),
            runner_identity: Some("runner-a".to_string()),
            log_digest: Some("sha256:log".to_string()),
            artifact_digest: None,
            expires_at_ms: Some(2_000),
            trust_domain: Some("ci".to_string()),
            signature: None,
        }],
    };

    // Build and sign the capsule; the private payload is passed together with
    // the encryption key.
    let capsule = build_capsule(
        &revision_id,
        public_fields,
        Some(b"private build metadata"),
        Some(&encryption_key),
        &keypair,
    )?;

    // A `true` result only says the signature matches this public key; whether
    // the key and the evidence are acceptable is still the caller's decision.
    assert!(verify_capsule(&capsule, &keypair.public_key_bytes())?);
    Ok(())
}
```
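
The crate description leaves the trust decision to the caller. The following added example (not part of claw_crypto or its documentation) sketches one such caller-side check using only the standard library. `TrustPolicy`, `EvidenceView` and `evaluate` are hypothetical names; the evidence field names come from the example above and their types are assumptions.

```rust
use std::collections::HashSet;

/// Stand-in for the `Evidence` fields read here; field types are assumptions.
pub struct EvidenceView {
    pub name: String,
    pub status: String,
    pub expires_at_ms: Option<u64>,
    pub trust_domain: Option<String>,
}
/// Hypothetical caller-side policy; nothing here is part of claw_crypto.
pub struct TrustPolicy {
    pub trusted_keys: HashSet<[u8; 32]>,
    pub trusted_domains: HashSet<String>,
    pub required_evidence: Vec<String>,
}

impl TrustPolicy {
    /// `signature_ok`: the caller's `verify_capsule` result. Absent fields fail closed.
    pub fn evaluate(&self, signer: &[u8; 32], signature_ok: bool,
                    evidence: &[EvidenceView], now_ms: u64) -> Result<(), &'static str> {
        if !signature_ok {
            return Err("signature invalid");
        }
        // A valid signature from an unlisted key says nothing about trust.
        if !self.trusted_keys.contains(signer) {
            return Err("signer not trusted");
        }
        for required in &self.required_evidence {
            let acceptable = evidence.iter().any(|e| {
                e.name == *required && e.status == "pass"
                    && e.expires_at_ms.map_or(false, |t| t > now_ms)
                    && e.trust_domain.as_ref().map_or(false, |d| self.trusted_domains.contains(d))
            });
            if !acceptable {
                return Err("evidence missing, failed, expired, or untrusted");
            }
        }
        Ok(())
    }
}

fn main() {
    // Constructed sample values; the 0xA1 bytes stand in for a public key.
    let policy = TrustPolicy { trusted_keys: HashSet::from([[0xA1u8; 32]]),
        trusted_domains: HashSet::from(["ci".to_string()]),
        required_evidence: vec!["unit-tests".to_string()] };
    let ev = EvidenceView { name: "unit-tests".into(), status: "pass".into(),
        expires_at_ms: Some(2_000), trust_domain: Some("ci".into()) };
    println!("{:?}", policy.evaluate(&[0xA1; 32], true, &[ev], 1_500));
}
```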

Re-exports

pub use error::CryptoError;

Modules

capsule: Capsule construction, signing, and signature verification.
encrypt: Symmetric private-field encryption helpers.
error: Error types returned by crypto operations.
kdf: BLAKE3-based key derivation helpers.
keypair: Ed25519 keypair creation and serialization.
recipient: Recipient envelope encryption helpers for private capsule fields.
sign: Ed25519 signing helpers.
verify: Ed25519 signature verification helpers.