tap-agent 0.7.0

Rust implementation of the Transaction Authorization Protocol (TAP)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

# tap-agent

## Overview
The `tap-agent` crate provides cryptographic agent functionality for the Travel Asset Protocol. It handles DID-based identity, message signing/verification, encryption/decryption, and secure communication between TAP participants.

## Purpose
- Manage cryptographic identities using DIDs (Decentralized Identifiers)
- Sign and verify messages using Ed25519 signatures
- Encrypt and decrypt messages using X25519 key agreement
- Pack and unpack DIDComm messages
- Provide secure agent-to-agent communication

## Key Components

### Core Traits
```rust
pub trait Agent: Send + Sync {
    fn did(&self) -> &str;
    async fn sign(&self, message: &[u8]) -> Result<Vec<u8>>;
    async fn encrypt(&self, plaintext: &[u8], recipient_dids: &[&str]) -> Result<Jwe>;
    async fn decrypt(&self, jwe: &Jwe) -> Result<Vec<u8>>;
}
```

### Agent Types
- **LocalAgent**: File-based key storage with encryption
- **InMemoryAgent**: Ephemeral agents for testing
- **Custom Agents**: Implement the Agent trait for HSM, cloud KMS, etc.

### Key Management
```rust
pub struct AgentKeyManager {
    // Manages multiple agent keys
    // Supports labels for organization
    // Thread-safe for concurrent access
}

pub struct LocalAgentKey {
    // Individual agent key with Ed25519 signing
    // X25519 key agreement for encryption
    // Secure storage with password protection
}
```

### Message Packing
```rust
// Pack a plain message into JWS format
pub async fn pack_signed(
    message: &PlainMessage,
    agent: &dyn Agent,
) -> Result<String>;

// Pack into encrypted JWE format
pub async fn pack_encrypted(
    message: &PlainMessage,
    agent: &dyn Agent,
    recipient_dids: &[&str],
) -> Result<String>;

// Unpack any DIDComm message
pub async fn unpack(
    packed_message: &str,
    agent: &dyn Agent,
    resolver: &dyn Resolver,
) -> Result<PlainMessage>;
```

## Usage Examples

### Creating an Agent
```rust
use tap_agent::{LocalAgent, Agent};

// Create a new agent with generated keys
let agent = LocalAgent::new()?;
println!("Agent DID: {}", agent.did());

// Create from existing key file
let agent = LocalAgent::from_file("path/to/agent.json", "password")?;

// Save agent keys
agent.save_to_file("path/to/agent.json", "password")?;
```

### Signing Messages
```rust
use tap_agent::sign_plain_message;

let plain_message = create_transfer_message();
let jws = sign_plain_message(&plain_message, &agent).await?;
```

### Encrypting Messages
```rust
use tap_agent::pack_encrypted;

let encrypted = pack_encrypted(
    &plain_message,
    &agent,
    &["did:key:recipient1", "did:key:recipient2"],
).await?;
```

### Message Verification
```rust
use tap_agent::{verify_jws, Resolver};

let resolver = MyResolver::new();
let verified_message = verify_jws(&jws, &resolver).await?;
```

### Agent Key Manager
```rust
use tap_agent::AgentKeyManager;

let manager = AgentKeyManager::new();

// Add agents with labels
manager.add_agent_with_label(agent1, "primary").await?;
manager.add_agent_with_label(agent2, "backup").await?;

// Get agent by label
let agent = manager.get_agent_by_label("primary").await?;

// List all agents
let agents = manager.list_agents().await;
```

## Key Features
- **DID Support**: Uses did:key method for self-sovereign identity
- **Cryptographic Operations**: Ed25519 signing, X25519 encryption
- **DIDComm Compatible**: Full support for DIDComm message formats
- **Secure Storage**: Password-protected key storage
- **Thread-Safe**: Async/await support with thread safety
- **Extensible**: Trait-based design for custom implementations

## Security Considerations
- Private keys are encrypted at rest using AES-256-GCM
- Password-based key derivation using Argon2
- Secure random number generation
- Memory zeroization for sensitive data
- No private key material in logs or debug output

## Dependencies
- `ed25519-dalek`: Ed25519 signatures
- `x25519-dalek`: X25519 key agreement
- `aes-gcm`: Authenticated encryption
- `argon2`: Password hashing
- `tap-msg`: Message types
- `async-trait`: Async trait support

## Testing
```bash
cargo test --package tap-agent
```

## Related Crates
- `tap-msg`: Defines message types
- `tap-node`: Uses agents for message processing
- `tap-wasm`: WebAssembly bindings for browser usage