Skip to content

guardian: Bind log signatures to S3 object keys#801

Draft
mskd12 wants to merge 6 commits into
mainfrom
deepakmaram/iop-494-bind-guardian-log-signatures-to-their-s3-object-keys
Draft

guardian: Bind log signatures to S3 object keys#801
mskd12 wants to merge 6 commits into
mainfrom
deepakmaram/iop-494-bind-guardian-log-signatures-to-their-s3-object-keys

Conversation

@mskd12

@mskd12 mskd12 commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Summary

  • bind each signed guardian log to its canonical S3 object key
  • preserve actual S3 keys through batch and point reads for verification
  • retain authenticated key provenance in VerifiedLogRecord
  • validate unsigned OI attestation placement and session derivation
  • add replay and key-derivation tampering coverage

Testing

  • cargo test -p hashi-types guardian::log::envelope::tests
  • cargo test -p hashi-guardian
  • cargo test -p hashi-guardian-proxy
  • cargo clippy -p hashi-types -p hashi-guardian -p hashi-guardian-proxy --all-targets -- -D warnings

IOP-494

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant