obsigil 0.4.0

A shared-secret JWT alternative: a mandate-token format splitting a public, advisory manifest from a secret-sealed, authenticated mandate (AES-SIV / AES-GCM-SIV), with fields in canonical CBOR
Documentation
[package]
name = "obsigil"
version = "0.4.0"
edition = "2021"
rust-version = "1.85.0"
license = "MIT OR Apache-2.0"
description = "A shared-secret JWT alternative: a mandate-token format splitting a public, advisory manifest from a secret-sealed, authenticated mandate (AES-SIV / AES-GCM-SIV), with fields in canonical CBOR"
repository = "https://gitlab.com/obsigil/obsigil-rs"
homepage = "https://obsigil.org"
documentation = "https://docs.rs/obsigil"
readme = "README.md"
keywords = ["token", "jwt", "mandate", "aead", "authorization"]
categories = ["cryptography", "authentication"]

[features]
default = []
# Algorithm code 1 (AES-GCM-SIV, spec §5) is OPTIONAL; code 0 (AES-SIV) is
# always compiled. Only authenticated AEADs are ever built in, so an
# unauthenticated mandate is structurally unrepresentable (spec §9.2).
gcm-siv = ["dep:aes-gcm-siv", "dep:hkdf", "dep:sha2"]
# Byte-level low-level surface for test-vector generation and
# cross-implementation conformance (spec §10). Not part of the everyday
# API; enabled by obsigil-cli and conformance runners.
conformance = []

[dependencies]
aes-siv = "0.7.0"
serde = { version = "1", features = ["derive"] }
# Both halves are canonical CBOR (spec §7); CBOR is the one fixed
# serialization, so ciborium is a hard dependency, not a feature.
ciborium = "0.2"
uuid = { version = "1", features = ["v7"] }
zeroize = { version = "1", features = ["derive"] }
subtle = "2"
getrandom = "0.2"
data-encoding = "2"

aes-gcm-siv = { version = "0.11", optional = true }
hkdf = { version = "0.12", optional = true }
sha2 = { version = "0.10", optional = true }

[dev-dependencies]
serde = { version = "1", features = ["derive"] }
serde_json = "1"
# Used by integration tests to hand-build canonical-CBOR plaintexts.
ciborium = "0.2"

[package.metadata.docs.rs]
all-features = true