Skip to content

Ed25519 asymmetric signing for packs, evidence, certificates (closes #1)#5

Merged
abhay-codes07 merged 1 commit into
mainfrom
feat/ed25519-signing
Jul 12, 2026
Merged

Ed25519 asymmetric signing for packs, evidence, certificates (closes #1)#5
abhay-codes07 merged 1 commit into
mainfrom
feat/ed25519-signing

Conversation

@abhay-codes07

Copy link
Copy Markdown
Owner

Closes #1.

Adds asymmetric (Ed25519) signing alongside the existing HMAC-SHA256 scheme for packs (M25), compliance evidence (M29), and Volo Certified certificates (M33).

Why

HMAC is a symmetric shared secret — fine inside one trust domain, but a public credential (a signed certificate or evidence pack) wants asymmetric signing: the issuer signs with a private key and anyone verifies with the public key, holding no secret that could forge new signatures.

What

  • volo_core.asymmetric — Ed25519 generate_keypair / sign_ed25519 / verify_ed25519. Lazily imports cryptography (clear error if absent), so the OSS core stays lean; exposed as the volo-core[crypto] extra and pulled by the signing packages.
  • sign_pack_ed25519 / sign_evidence_ed25519 / sign_certificate_ed25519. The signature envelope was already algorithm-tagged (ADR-0028 anticipated this), so verify_* selects HMAC vs Ed25519 by tag and a keyring can mix symmetric + asymmetric publishers.
  • HMAC path unchanged and still the default.

Tests

11 new: the core primitive (keygen/sign/verify, tamper, wrong-key, garbage-signature), plus per-artifact roundtrip + wrong-key + tamper for certificates, packs (incl. a mixed HMAC+Ed25519 keyring), and evidence. Full suite 539 passed, mypy clean (126 files), ruff clean.

Refs ADR-0028, ADR-0037.

…tificates

Adds asymmetric signing alongside the existing HMAC scheme. volo_core.asymmetric
provides Ed25519 keygen/sign/verify, lazily importing cryptography so the OSS
core stays lean (available via the volo-core[crypto] extra). Packs, compliance
evidence packs, and Volo Certified certificates gain sign_*_ed25519 helpers: the
issuer signs with a private key and anyone verifies with only the public key,
holding no secret that could forge new signatures — what a public credential
wants. The signature envelope was already algorithm-tagged, so verification
selects HMAC vs Ed25519 by tag and a keyring can mix symmetric and asymmetric
publishers. The HMAC path is unchanged and stays the default.

11 tests (core primitive + per-artifact roundtrip/tamper/wrong-key). Closes #1.
Copilot AI review requested due to automatic review settings July 12, 2026 15:05

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@github-actions

Copy link
Copy Markdown

🛫 Volo reliability — ❌ NO-SHIP

Replayed 7 adversarial scenarios against the agent (threshold ≥ 0.90).

Metric Score
Trajectory determinism 1.000
Decision determinism 1.000
Faithfulness 0.000
Consistency under repetition 1.000

Cost — replayed deterministically at $0 (no live API calls).

baseline 1783868769938-a9d5aa1b-dc1a-4656-8c8e-c05249ce358b • generated by Volo

@abhay-codes07 abhay-codes07 merged commit 53c671f into main Jul 12, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Asymmetric signing (Ed25519) for packs, evidence, and certificates

2 participants