audit: Ed25519 seed verification + journal sealing#6
Merged
Conversation
Add Ed25519 signing to redteam, ported from the codered substrate, in two roles: - Consumer: verify incoming signed validation seeds against PINNED PRODUCER keys before any objective is acted on. Keyring resolves from CODERED_PRODUCER_PUBKEYS or keys/producers.toml (public keys only). The canonical signing recipe (signature field reset to "", compact JSON) is documented and matches the producer side byte-for-byte. New redteam-seed binary gates a seed file; non-zero exit means do not act. - Producer/self: seal redteam's own audit journal. The runtime hash-chains the journal but does not sign it; redteam-seal verifies linkage then signs the chain head with a per-engagement key, so one signature attests the whole journal and a forged-but-relinked journal fails. The web viewer's audit badge upgrades to AUDIT SEALED when a valid seal matches the head. Shared crypto.rs (sign/verify + verify-only path), seed.rs (keyring + verify), and audit.rs (linkage moved here from the web crate + sealing). Private keys are gitignored; producers.toml.example documents the keyring format. Covered by 14 lib tests + a redteam-seed CLI e2e. Clippy clean.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Ed25519 signing to redteam in two roles:
redteam-seed verify). Canonical signing recipe documented to match the producer byte-for-byte.redteam-seal); the web viewer's audit badge upgrades toAUDIT SEALEDwhen a valid seal matches the head.New modules:
crypto.rs,seed.rs,audit.rs(journal linkage moved here from the web crate + sealing). Private keys gitignored;keys/producers.toml.exampledocuments the keyring.Test Plan
redteam-seedCLI e2e--all-targetsclean🤖 Generated with Claude Code