Expand description
Signed envelope (HMAC-SHA-256).
The contract is intentionally close to COSE_Sign1 with HS256: a
content header (kid, alg, timestamp, nonce) is folded into the
signing input alongside the body bytes, and the sealed message is
a CBOR map { kid, alg, ts, nonce, body, mac }. A full COSE_Sign1
implementation with ES256/EdDSA can land later — adding it is
non-breaking thanks to the keys::KeyProvider trait.
Structs§
- Hmac
Envelope - HMAC-SHA-256 backed envelope. Sealed messages are self-describing
CBOR maps: signature recipients can decode the envelope, fetch the
key by
kid, and verify without out-of-band coordination. - InMemory
Nonce Store - In-memory nonce store. One mutex; the working set is bounded by the clock-skew window — a 5-minute skew at 10k req/s caps at ~3M entries, which is fine. Production multi-replica deployments swap in Redis.
- Sealed
Envelope - Static
KeyProvider - In-memory
KeyProviderfor tests and single-tenant deployments. Banks running real workloads bring a backed implementation (KMS, Vault, HSM).
Traits§
- KeyProvider
- Resolves signing keys by kid (key id). Banks running multi-tenant or rotating keysets implement this so the envelope code never has to know the storage mechanism. Implementations must be constant- time for not-found vs wrong-tenant errors — never use the error message to leak whether a key id exists.
- Nonce
Store - Tracks the nonces of sealed envelopes that have already been verified inside the clock-skew window, so a captured-and-replayed request gets rejected the second time. Banks running multi-replica deployments back this with Redis so the rejection holds cluster-wide.