JSPM

  • License Apache-2.0

Signing and verification primitives for deterministic governance infrastructure.

Package Exports

  • @parmanasystems/crypto

Readme

@parmanasystems/crypto

Ed25519 key management, signing, and verification primitives for the parmanasystems governance runtime.

Overview

@parmanasystems/crypto provides the low-level cryptographic primitives used throughout parmanasystems:

  • Loading Ed25519 keys from disk or environment variables
  • Signing canonical payloads (returns base64)
  • Verifying Ed25519 signatures
  • Signing and verifying bundle manifests

All operations use Node.js's built-in crypto module — no external cryptographic dependencies.

Installation

npm install @parmanasystems/crypto

API

Key loading

import { loadPrivateKey, loadPublicKey } from "@parmanasystems/crypto";

// Load from file (relative path or absolute)
const privateKey = loadPrivateKey();  // reads ./dev-keys/bundle_signing_key
const publicKey  = loadPublicKey();   // reads ./dev-keys/bundle_signing_key.pub

Signing

import { signManifest } from "@parmanasystems/crypto";

// Sign a bundle.manifest.json file
const signature = await signManifest("./policies/claims-approval/v1/bundle.manifest.json");
// Returns base64-encoded Ed25519 signature

Verification

import { verifySignature, verifyPayloadSignature } from "@parmanasystems/crypto";

// Verify a manifest signature
const manifestOk = await verifySignature(manifestPath, signature);

// Verify an arbitrary payload
const payloadOk = verifyPayloadSignature(payload, signature, publicKey);
// Returns boolean

Key persistence

import { persistKeys } from "@parmanasystems/crypto";

await persistKeys(privateKey, publicKey, "./dev-keys");
// Writes bundle_signing_key and bundle_signing_key.pub

Algorithm

All signatures use Ed25519 via Node.js crypto.sign / crypto.verify.

  • Private keys: PKCS8 DER format
  • Public keys: SPKI DER format
  • Signatures: base64-encoded

For AWS KMS HSM-backed signing, use AwsKmsSigner in @parmanasystems/execution.
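
The formats listed above, exercised directly with Node.js's built-in crypto module: base64 DER keys are re-imported, a payload is signed, and verification is shown rejecting a tampered payload, a different key, and a truncated signature. This is an added example, not code from @parmanasystems/crypto; the helper names (generateBase64DerKeyPair, signPayload, verifyPayload, demo) and the sample payload are assumptions constructed for illustration.

```javascript
// Added example: uses only Node.js built-in crypto; not the package's source.
const { generateKeyPairSync, createPrivateKey, createPublicKey, sign, verify } =
  require("node:crypto");

// Constructed sample key pair, exported as base64 DER (PKCS8 private, SPKI public).
function generateBase64DerKeyPair() {
  const { privateKey, publicKey } = generateKeyPairSync("ed25519");
  return {
    privateB64: privateKey.export({ format: "der", type: "pkcs8" }).toString("base64"),
    publicB64: publicKey.export({ format: "der", type: "spki" }).toString("base64"),
  };
}

// Hypothetical helper: sign a payload with a base64 PKCS8 DER Ed25519 key.
function signPayload(payload, privateB64) {
  const key = createPrivateKey({ key: Buffer.from(privateB64, "base64"), format: "der", type: "pkcs8" });
  if (key.asymmetricKeyType !== "ed25519") throw new Error("not an Ed25519 key");
  // Ed25519 hashes internally, so the digest algorithm argument is null.
  return sign(null, Buffer.from(payload), key).toString("base64");
}

// Hypothetical helper: returns false (never throws) on malformed keys or signatures.
function verifyPayload(payload, signatureB64, publicB64) {
  try {
    const key = createPublicKey({ key: Buffer.from(publicB64, "base64"), format: "der", type: "spki" });
    if (key.asymmetricKeyType !== "ed25519") return false; // reject other key types
    const sig = Buffer.from(signatureB64, "base64");
    if (sig.length !== 64) return false; // Ed25519 signatures are always 64 bytes
    return verify(null, Buffer.from(payload), key, sig);
  } catch {
    return false;
  }
}

function demo() {
  const { privateB64, publicB64 } = generateBase64DerKeyPair();
  const other = generateBase64DerKeyPair();
  const payload = JSON.stringify({ bundle: "claims-approval", version: "v1" }); // constructed
  const signature = signPayload(payload, privateB64);
  return {
    valid: verifyPayload(payload, signature, publicB64),
    tampered: verifyPayload(payload.replace("v1", "v2"), signature, publicB64),
    wrongKey: verifyPayload(payload, signature, other.publicB64),
    truncated: verifyPayload(payload, signature.slice(0, 40), publicB64),
    privateDerBytes: Buffer.from(privateB64, "base64").length,
    publicDerBytes: Buffer.from(publicB64, "base64").length,
  };
}
```

Pinning the key type and signature length before calling verify keeps a misconfigured environment variable (for example an RSA key) from being accepted silently.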

Dev key location

The default dev key path is ./dev-keys/bundle_signing_key{,.pub} relative to the current working directory. The server and CI scripts fall back to environment variables Parmana_PRIVATE_KEY / Parmana_PUBLIC_KEY (base64 DER) if these files are absent.

License

Apache-2.0