huddle 0.7.11: max accepted skew between signed_at_ms on a signed
envelope and the receiver’s wall clock. Anything outside the window
is rejected as a replay (or as a clock that’s drifted too far).
Wrap a RoomMessage into a SignedRoomMessage using the given identity’s
signing key. Mirror of verify_signed; symmetric helper so phase B/F/G/etc.
don’t each open-code the base64 dance.
huddle 2.0.6 (WS2-a): like sign_message, but ALSO attaches a composite
ML-DSA-65 post-quantum signature over the same signed_bytes, plus the
sender’s ML-DSA public key. For low-frequency identity/authority
envelopes (announces, owner/ban grants, invites) — the ML-DSA signature is
~3.3 KB, so it is not put on every chat line. Backward-compatible: a peer
that doesn’t pin the sender’s ML-DSA key simply ignores the extra fields and
verifies classically.
Same as verify_signed but with an explicit clock and window —
kept public for tests that want to exercise the replay-window logic
deterministically without a SystemTime detour.
huddle 2.0.6 (WS2-a): verify an envelope’s composite ML-DSA-65 signature
against a pinned ML-DSA public key (the caller’s durable record of this
signer’s PQ-auth key, learned from a prior signed announce). The Ed25519
layer is checked separately by verify_signed; this is the additional
post-quantum check, gated on having pinned the signer’s key.