Expand description
In-house RFC 4648 base64 codec (TrustForge owns its codec layer; see
docs/dependency-audit.md).
Two engines cover every TrustForge use: STANDARD (padded, +/)
for signature payloads, vault material, and packet wire fields, and
URL_SAFE_NO_PAD (-_) for JOSE-style segments in the OAuth/GNAP/DID
bridges.
Decoding is strict, matching the behavior of the base64 crate defaults
this module replaced: no whitespace, no embedded padding, canonical
padding required for STANDARD, padding forbidden for
URL_SAFE_NO_PAD, and non-zero trailing bits rejected (a base64
string has exactly one valid decoding or none — no malleable sibling
encodings of signature material).
Structs§
- Engine
- A base64 engine: alphabet + padding policy. The two engines TrustForge uses are exported as consts; the type is public so adapters can name it.
Enums§
- Decode
Error - Base64 decode failure. Carries enough context for diagnostics without echoing the (possibly secret) input.
Constants§
- STANDARD
- RFC 4648 §4 standard alphabet, padded (
=). Canonical padding is required on decode. - URL_
SAFE_ NO_ PAD - RFC 4648 §5 URL-safe alphabet, unpadded. Padding bytes are rejected on decode.