Cryptography utilities #10

New issue

Closed

opened 2026-03-03 17:52:18 +00:00 by Grandiras · 0 comments

Grandiras commented

2026-03-03 17:52:18 +00:00

Owner

Cryptography Utilities

Add a general-purpose AtProtoCrypto static class for AT Protocol cryptographic operations.

Features

Key generation: K-256 (secp256k1) and P-256 (NIST) key pairs
Signing: Sign data with private keys (both curves)
Verification: Verify signatures against public keys
Key serialization: Import/export keys in formats used by AT Protocol (multibase, did:key)
Multicodec support: Encode/decode public keys with proper multicodec prefixes

Context

The SDK currently only has crypto for DPoP proof generation (ES256/P-256 in DPoPProofGenerator) and PKCE (SHA-256 in PkceGenerator). A general-purpose crypto API is needed for:

Verifying repository commit signatures
Verifying label signatures
Working with did:key identifiers
Service auth JWT signing

Reference

AT Protocol Cryptography spec

## Cryptography Utilities Add a general-purpose `AtProtoCrypto` static class for AT Protocol cryptographic operations. ### Features - **Key generation**: K-256 (secp256k1) and P-256 (NIST) key pairs - **Signing**: Sign data with private keys (both curves) - **Verification**: Verify signatures against public keys - **Key serialization**: Import/export keys in formats used by AT Protocol (multibase, did:key) - **Multicodec support**: Encode/decode public keys with proper multicodec prefixes ### Context The SDK currently only has crypto for DPoP proof generation (ES256/P-256 in `DPoPProofGenerator`) and PKCE (SHA-256 in `PkceGenerator`). A general-purpose crypto API is needed for: - Verifying repository commit signatures - Verifying label signatures - Working with did:key identifiers - Service auth JWT signing ### Reference - [AT Protocol Cryptography spec](https://atproto.com/specs/cryptography)