Implement cryptographic signing for message envelopes using Ed25519: - Identity module: Generate, load, save Ed25519 keypairs - Signing module: Sign/verify envelopes using Exclusive C14N - Envelope utilities: Build envelopes with optional signing - CLI keygen command: xml-pipeline keygen [-o path] - Pump integration: Auto-sign when identity configured Signature is embedded in <meta> block using namespace https://xml-pipeline.org/ns/sig/v1, fitting existing xs:any in envelope.xsd. Usage: xml-pipeline keygen -o config/identity.key # organism.yaml organism: identity: "config/identity.key" Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
"""
crypto — Ed25519 identity keys for signing and verification.

Public entry point of the crypto package; it re-exports the API of the
``identity`` and ``signing`` submodules, which provide:
- Identity key generation and loading
- Envelope signing using Exclusive C14N
- Signature verification for incoming messages
- Federation peer authentication

Usage:
    from xml_pipeline.crypto import Identity, sign_envelope, verify_envelope

    # Load organism identity. The path is illustrative. The file holds the
    # private signing key, so keep it out of version control and readable
    # only by the account that runs the pipeline.
    identity = Identity.load("config/identity/private.ed25519")

    # Sign an envelope
    signed_envelope = sign_envelope(envelope_tree, identity)

    # Verify with peer's public key
    is_valid = verify_envelope(envelope_tree, peer_public_key)

Security notes:
    - Act on the verification result: an envelope whose check does not
      succeed must be rejected before any of its content is processed.
      NOTE(review): the example suggests a boolean return rather than an
      exception; confirm against the signing module.
    - A successful check only proves the envelope was signed by the holder
      of the private key matching ``peer_public_key``. Obtain that key
      from trusted configuration (e.g. via ``load_public_key``), never
      from the envelope being verified.
    - NOTE(review): how ``verify_envelope`` treats an envelope that
      carries no signature is not visible from this module; receivers
      that require authentication should confirm it is handled as a
      failure.
"""

# Key management: keypair container, generation, and public-key loading.
from xml_pipeline.crypto.identity import Identity, generate_identity, load_public_key

# Envelope signatures: create, check, and locate the embedded signature.
from xml_pipeline.crypto.signing import (
    SIGNATURE_NAMESPACE,
    extract_signature,
    sign_envelope,
    verify_envelope,
)

# Names exported by ``from xml_pipeline.crypto import *``.
__all__ = [
    # Identity
    "Identity", "generate_identity", "load_public_key",
    # Signing
    "sign_envelope", "verify_envelope", "extract_signature", "SIGNATURE_NAMESPACE",
]