Cryptography and Keys
This document defines the cryptographic expectations for decision packages, audit integrity, and key management.
Decision Package Signatures
- Decision packages MUST include a `signatures` array with one or more signatures when enforcement requires signed governance.
- Each signature MUST include `key_id`, `algorithm`, and `signature` fields.
- The signature payload MUST be the canonical encoding defined in `STANDARD/WIRE_FORMAT.md`.
- Implementations MUST verify that the number of valid signatures meets or exceeds the configured threshold.
Key Management
- Implementations MUST support key rotation by `key_id` without requiring ledger downtime.
- Verification keys MUST be identified by stable `key_id` values.
- Key material MUST be stored and transmitted using secure channels and access-controlled storage.
- Implementations SHOULD support key revocation or deactivation via governance or operational policy.
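The threshold check from the Decision Package Signatures section and the `key_id`-based rotation and revocation described above, as an added example that is not part of this standard's reference code. It assumes the `signatures` array is represented as the `Signature` struct below, that the canonical `WIRE_FORMAT.md` encoding is handed in as opaque bytes (a constructed JSON stand-in is used here), and that the verifier's active keys live in a `KeyRing` keyed by `key_id`; all three names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signature is one entry of a decision package's signatures array (key_id, algorithm, signature).
type Signature struct {
	KeyID     string
	Algorithm string
	Signature []byte
}

// KeyRing maps a stable key_id to its verification key (assumed structure). Rotation adds a
// new key_id, revocation deletes one, and neither touches the ledger itself.
type KeyRing map[string]ed25519.PublicKey

// CountValidSignatures returns how many distinct key_ids signed payload validly.
// Unknown keys, other algorithms, bad signatures and repeated key_ids do not count,
// so a package cannot reach the threshold by repeating one signature.
func CountValidSignatures(keys KeyRing, payload []byte, sigs []Signature) int {
	counted := map[string]bool{}
	for _, s := range sigs {
		if s.Algorithm != "ed25519" || counted[s.KeyID] {
			continue
		}
		pub, ok := keys[s.KeyID]
		if ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, payload, s.Signature) {
			counted[s.KeyID] = true
		}
	}
	return len(counted)
}

// MeetsThreshold is the enforcement check: at least threshold valid signatures.
func MeetsThreshold(keys KeyRing, payload []byte, sigs []Signature, threshold int) bool {
	return threshold > 0 && CountValidSignatures(keys, payload, sigs) >= threshold
}

func main() {
	payload := []byte(`{"decision":"approve"}`) // constructed stand-in for the canonical encoding
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ring := KeyRing{"gov-key-1": pub}
	sig := Signature{KeyID: "gov-key-1", Algorithm: "ed25519", Signature: ed25519.Sign(priv, payload)}
	sigs := []Signature{sig, sig} // the same key twice must count once
	fmt.Println("1-of-1:", MeetsThreshold(ring, payload, sigs, 1), "2-of-2:", MeetsThreshold(ring, payload, sigs, 2))
}
```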
Algorithms
- Signature algorithms MUST be referenced by name from the algorithm registry in `STANDARD/REGISTRIES.md`.
- Implementations SHOULD support `ed25519` for interoperability.
Hashing
- If audit or governance logs are hash-chained, the hashing algorithm MUST be named in the hash registry and MUST be collision resistant.
- Implementations SHOULD support `sha256`.