feat(crypto)!: migrate cryptographic primitives to NetCrypto (#75) #77
Merged
Delete all in-repo cryptographic primitives from NetDid.Core and consume them from the NetCrypto package. NetDid.Core now carries only DID-method logic. This is the cryptographic half of the NetCrypto/DataProofs refactor; the Data Integrity / eddsa-jcs-2022 engine, JCS canonicalization, and the did:key proof-signer parser remain in-repo and migrate to DataProofsDotnet in the data-proof half (#76).

BREAKING CHANGE: crypto primitive, key-type, signer, keystore, JWK, and KDF types move namespace from NetDid.Core / NetDid.Core.Crypto / .KeyStore / .Jwk to NetCrypto (ICryptoProvider, IBbsCryptoProvider, ISigner, IKeyGenerator, IKeyStore, DefaultCryptoProvider, DefaultBbsCryptoProvider, DefaultKeyGenerator, KeyType, KeyTypeExtensions, EcPointValidator, EcdsaSignatureFormat, KeyPair, KeyPairSigner, KeyStoreSigner, StoredKeyInfo, PublicKeyReference, InMemoryKeyStore, JwkConverter, ConcatKdf). KeyTypeExtensions.ToKeyType(ulong) renamed to FromMulticodec(ulong). AddNetDid(...) now registers crypto via NetCrypto.AddNetCrypto(); BBS-absent surfaces as BbsUnavailableException.

- Remove the Crypto/ primitive cluster, I* crypto interfaces, KeyStore/InMemoryKeyStore, Jwk/JwkConverter, Kdf/ConcatKdf, the BBS provider + ZkryptiumNative, the native/zkryptium-ffi Rust crate, runtimes/** dylib, the runtimes pack directive, and <AllowUnsafeBlocks>.
- Add NetCrypto 1.0.0; bump NetCid 1.5.0 -> 1.6.0; drop the now-transitive NSec.Cryptography / NBitcoin.Secp256k1 / Nethermind.Crypto.Bls refs.
- Bump NetDidVersion 1.3.1 -> 2.0.0; update CHANGELOG.
- Rewire ~40 consumers (src + samples + all test projects). Re-express the internal-decompress tests against the public JwkConverter path.

Verified: full build clean, 800 tests pass (incl. 175 W3C conformance, byte-identical), all 4 samples run end-to-end.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
NSec.Cryptography, NBitcoin.Secp256k1, and Nethermind.Crypto.Bls have no direct PackageReference anywhere on this branch after the NetCrypto migration — NetCrypto pulls them transitively. Removing the now-unused PackageVersion pins. did:ethr (#70) resolves NBitcoin.Secp256k1 transitively via NetDid.Core -> NetCrypto and is unaffected; if it later takes a direct reference it should re-add the pin.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
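The condition that commit describes (central PackageVersion pins that no project references directly) can be checked mechanically. The script below is an added example, not code from this PR or the NetDid repository; the props and csproj contents are constructed samples (the 0.0.0 versions are placeholders), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

def _items(xml_text, item_name):
    """Include values of every <item_name> element, ignoring XML namespaces."""
    names = set()
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]      # old-style projects carry an xmlns
        include = el.get("Include")
        if tag == item_name and include:
            names.add(include.strip().lower())  # NuGet package ids are case-insensitive
    return names

def _direct_references(csproj_texts):
    refs = set()
    for text in csproj_texts:
        refs |= _items(text, "PackageReference")
    return refs

def orphaned_pins(props_text, csproj_texts):
    """PackageVersion pins that no project references directly."""
    return sorted(_items(props_text, "PackageVersion") - _direct_references(csproj_texts))

def unpinned_references(props_text, csproj_texts):
    """Direct references that have no central PackageVersion pin."""
    return sorted(_direct_references(csproj_texts) - _items(props_text, "PackageVersion"))

# Constructed sample: state of the pins before the cleanup commit.
SAMPLE_PROPS = """<Project>
  <ItemGroup>
    <PackageVersion Include="NetCrypto" Version="1.0.0" />
    <PackageVersion Include="NetCid" Version="1.6.0" />
    <PackageVersion Include="NSec.Cryptography" Version="0.0.0" />
    <PackageVersion Include="NBitcoin.Secp256k1" Version="0.0.0" />
    <PackageVersion Include="Nethermind.Crypto.Bls" Version="0.0.0" />
  </ItemGroup>
</Project>"""

# Constructed sample project that only references the two direct packages.
SAMPLE_CSPROJ = ["""<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="NetCrypto" />
    <PackageReference Include="netcid" />
  </ItemGroup>
</Project>"""]

if __name__ == "__main__":
    for name in orphaned_pins(SAMPLE_PROPS, SAMPLE_CSPROJ):
        print("orphaned pin:", name)
```

A pin with no direct reference is not always inert: when CentralPackageTransitivePinningEnabled is set, it overrides the version the parent package would otherwise bring in, which matters for cryptographic dependencies that NetCrypto is meant to own.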
Closes #75 — the cryptographic half of the NetCrypto/DataProofs refactor.
NetDid.Core now carries zero crypto primitives; they are consumed from the NetCrypto 1.0.0 package. The Data Integrity / eddsa-jcs-2022 engine, JCS canonicalization, and the did:key proof-signer parser remain in-repo for now and migrate to DataProofsDotnet in the data-proof half (#76).

Breaking changes (→ v2.0.0)

- NetDid.Core / NetDid.Core.Crypto / .KeyStore / .Jwk to NetCrypto. Consumers replace using NetDid.Core.Crypto; (and .KeyStore / .Jwk / .Crypto.Kdf) with using NetCrypto;. Signatures and enum ordinals are otherwise unchanged.
- KeyTypeExtensions.ToKeyType(ulong) → FromMulticodec(ulong).
- AddNetDid(...) registers crypto via NetCrypto.AddNetCrypto(); BBS-absent now surfaces as NetCrypto.BbsUnavailableException.

What changed

- Crypto/ primitive cluster, I* crypto interfaces, KeyStore/InMemoryKeyStore, Jwk/JwkConverter, Kdf/ConcatKdf, the BBS provider + ZkryptiumNative, the self-hosted native/zkryptium-ffi/ Rust crate, the bundled runtimes/** dylib, the runtimes pack directive, and <AllowUnsafeBlocks>.
- NetCrypto 1.0.0; bump NetCid 1.5.0 → 1.6.0; drop the now-transitive NSec.Cryptography / NBitcoin.Secp256k1 / Nethermind.Crypto.Bls. BBS native payload (all 5 RIDs) now flows transitively from NetCrypto.
- NetDidVersion 1.3.1 → 2.0.0; CHANGELOG [2.0.0] added.
- JwkConverter.ToPublicJwk path rather than deleted; only the BBS-keygen test and the one direct internal-primitive test were removed (covered by NetCrypto.Tests).

Scope notes

- ScidGenerator/JsonCanonicalization.cs (can't delete the file while DataIntegrityProofEngine still uses it). Refactor: migrate Data Integrity / did:webvh proofs to DataProofsDotnet #76 now owns the full JCS → NetCid.JcsCanonicalizer migration (documented in a comment there).

Verification
🤖 Generated with Claude Code