astrid-crypto 0.1.1

Cryptographic primitives for Astrid secure agent runtime

astrid-crypto

Cryptographic primitives for the Astrid secure agent runtime.

Overview

This crate provides the cryptographic foundation for Astrid, implementing the core philosophy "Cryptography over prompts": authorization comes from Ed25519 signatures and capability tokens, not from hoping the LLM follows instructions.

Features

  • Ed25519 Key Pairs - Asymmetric signing with secure memory handling via zeroize
  • Digital Signatures - Sign and verify capability tokens and audit entries
  • BLAKE3 Content Hashing - Fast, secure hashing for audit chains and verification
  • Serialization - Serde support with base64/hex encoding

Key Exports

  • KeyPair - Ed25519 signing key pair with secure memory
  • PublicKey - Ed25519 public key for verification
  • Signature - Digital signature wrapper
  • ContentHash - BLAKE3 hash for content verification

Usage

use astrid_crypto::{KeyPair, ContentHash};

fn main() {
    // Generate a new key pair
    let keypair = KeyPair::generate();

    // Sign a message
    let message = b"important data";
    let signature = keypair.sign(message);

    // Verify the signature (verify returns a Result; Ok means the signature is valid)
    assert!(keypair.verify(message, &signature).is_ok());

    // Hash content with BLAKE3 and print the digest as hex
    let hash = ContentHash::hash(message);
    println!("Hash: {}", hash.to_hex());
}

Dependencies

  • ed25519-dalek - Ed25519 signatures
  • blake3 - Content hashing
  • zeroize - Secure memory clearing
  • serde - Serialization support

Security

This crate enforces #![deny(unsafe_code)] and uses zeroize to clear sensitive key material from memory when dropped.
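
The clear-on-drop pattern described above, as an added std-only example (not code from astrid-crypto or from zeroize): a volatile overwrite in `Drop`, which the optimizer cannot discard as a dead store. `SecretSeed`, `wipe` and `is_wiped` are hypothetical names, and the `unsafe` write is the part a `#![deny(unsafe_code)]` crate delegates to a dependency such as zeroize.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical wrapper for 32 secret bytes (the size of an Ed25519 seed).
pub struct SecretSeed {
    bytes: [u8; 32],
}

impl SecretSeed {
    pub fn new(bytes: [u8; 32]) -> Self {
        SecretSeed { bytes }
    }

    /// Overwrite the secret in place with zeros.
    pub fn wipe(&mut self) {
        for b in self.bytes.iter_mut() {
            // Volatile store: the compiler must emit it even though the
            // value is never read again (a plain `*b = 0` may be elided).
            unsafe { ptr::write_volatile(b, 0) };
        }
        // Stop the compiler from reordering later accesses before the wipe.
        compiler_fence(Ordering::SeqCst);
    }

    /// True once every byte has been cleared.
    pub fn is_wiped(&self) -> bool {
        self.bytes.iter().all(|&b| b == 0)
    }
}

// Clearing happens automatically when the value goes out of scope.
impl Drop for SecretSeed {
    fn drop(&mut self) {
        self.wipe();
    }
}

// Redacted Debug output so the seed cannot reach logs through {:?}.
impl fmt::Debug for SecretSeed {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SecretSeed(<redacted>)")
    }
}

fn main() {
    let mut seed = SecretSeed::new([0x42; 32]); // constructed sample value
    println!("{:?}", seed);
    seed.wipe();
    println!("wiped: {}", seed.is_wiped());
}
```

Wiping only clears the bytes at the value's current location; copies left behind by earlier moves, or by a source buffer the seed was read from, are not covered and have to be avoided or cleared separately.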

License

This crate is licensed under the MIT license.