Skip to main content

Module encoding

Module encoding 

Source
Expand description

In-house RFC 4648 base64 codec (TrustForge owns its codec layer; see docs/dependency-audit.md).

Two engines cover every TrustForge use: STANDARD (padded, +/) for signature payloads, vault material, and packet wire fields, and URL_SAFE_NO_PAD (-_) for JOSE-style segments in the OAuth/GNAP/DID bridges.

Decoding is strict, matching the behavior of the base64 crate defaults this module replaced: no whitespace, no embedded padding, canonical padding required for STANDARD, padding forbidden for URL_SAFE_NO_PAD, and non-zero trailing bits rejected (a base64 string has exactly one valid decoding or none — no malleable sibling encodings of signature material).

Structs§

Engine
A base64 engine: alphabet + padding policy. The two engines TrustForge uses are exported as consts; the type is public so adapters can name it.

Enums§

DecodeError
Base64 decode failure. Carries enough context for diagnostics without echoing the (possibly secret) input.

Constants§

STANDARD
RFC 4648 §4 standard alphabet, padded (=). Canonical padding is required on decode.
URL_SAFE_NO_PAD
RFC 4648 §5 URL-safe alphabet, unpadded. Padding bytes are rejected on decode.