Supply Chain Integrity, Transparency, and Trust (IETF SCITT)

Add missing READMEs; expand short ones

New READMEs for: ocaml-auth, ocaml-cose, ocaml-http, ocaml-osv,
ocaml-rego, ocaml-scitt, ocaml-sigstore, ocaml-vec3.

Expanded: ca-certs (7→40 lines), osrelease (8→45 lines).

Each includes: synopsis, installation, usage example, API overview,
and license. Skipped ocaml-cel and ocaml-chor (no code yet).

+74
README.md
··· 1 + ## scitt -- Supply Chain Integrity, Transparency, and Trust (IETF SCITT) 2 + 3 + Native OCaml implementation of 4 + [draft-ietf-scitt-architecture](https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/). 5 + Provides Signed Statements, Receipts with Merkle inclusion proofs, and 6 + Transparent Statements. Uses COSE for signing and supports pluggable 7 + Verifiable Data Structure (VDS) backends. 8 + 9 + This repository provides three opam packages: 10 + 11 + - **scitt** -- core SCITT library with built-in RFC 9162 SHA-256 binary Merkle tree 12 + - **scitt-atp** -- AT Proto MST backend for SCITT (keyed lookup via Merkle Search Tree) 13 + - **atp-lexicon-scitt** -- AT Protocol lexicon types and Jsont codecs for SCITT records 14 + 15 + ## Installation 16 + 17 + ``` 18 + opam install scitt 19 + opam install scitt-atp # for AT Proto MST backend 20 + opam install atp-lexicon-scitt # for AT Proto lexicon types 21 + ``` 22 + 23 + ## Quick Start 24 + 25 + ```ocaml 26 + (* Create a transparency service with RFC 9162 VDS *) 27 + let vds = Scitt.Vds_rfc9162.in_memory () in 28 + let ts = 29 + Scitt.Transparency_service.v ~service_id:"my-ts" ~vds 30 + ~algorithm:Cose.Algorithm.ES256 31 + ~sign:(Scitt.Signer.of_key ts_private_key) 32 + clock 33 + in 34 + 35 + (* Register a signed statement *) 36 + let statement = 37 + Scitt.Statement.v ~issuer:"did:web:example.com" 38 + ~subject:"sha256:abcdef..." 
~content_type:"application/spdx+json" 39 + ~payload:sbom_json 40 + in 41 + let signed = Scitt.Signed_statement.sign ~key:issuer_key statement in 42 + let receipt = Scitt.Transparency_service.register ts ~issuer_key signed in 43 + 44 + (* Create and verify a transparent statement *) 45 + let transparent = Scitt.Transparent_statement.v signed [ receipt ] in 46 + match 47 + Scitt.Transparent_statement.verify 48 + ~ts_keys:(fun ~service_id:_ -> Some ts_public_key) 49 + ~issuer_key transparent 50 + with 51 + | Ok (stmt, _level, _summary) -> 52 + Format.printf "Verified: %s\n" (Scitt.Statement.issuer stmt) 53 + | Error e -> Format.eprintf "Failed: %a\n" Scitt.pp_error e 54 + ``` 55 + 56 + ## API Overview 57 + 58 + - `Scitt.Statement` -- create statements with issuer, subject, content type, and payload 59 + - `Scitt.Signed_statement` -- COSE Sign1 envelopes for statements 60 + - `Scitt.Receipt` -- Merkle inclusion proofs signed by a Transparency Service 61 + - `Scitt.Transparent_statement` -- bundle a signed statement with receipts; verify offline 62 + - `Scitt.Transparency_service` -- register statements and issue receipts 63 + - `Scitt.Vds_rfc9162` -- built-in RFC 9162 VDS (in-memory or SQLite-backed) 64 + - `Scitt.Signer` -- pluggable signing (in-process key or HSM/KMS) 65 + 66 + ## References 67 + 68 + - [draft-ietf-scitt-architecture](https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/) -- SCITT Architecture 69 + - [RFC 9162](https://www.rfc-editor.org/rfc/rfc9162) -- Certificate Transparency v2 70 + - [RFC 9052](https://www.rfc-editor.org/rfc/rfc9052) -- COSE Structures 71 + 72 + ## License 73 + 74 + MIT
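Review bot: the `## Quick Start` block reads as runnable but binds nothing for `ts_private_key`, `ts_public_key`, `issuer_key`, `clock` or `sbom_json`, and the same `issuer_key` is passed to `Scitt.Signed_statement.sign ~key:issuer_key` (which needs the signing key) and to `Scitt.Transparency_service.register ts ~issuer_key` and `Scitt.Transparent_statement.verify ~issuer_key` (which should only need the verifying key). Suggest either showing how each binding is obtained, or splitting the names into something like `issuer_priv` / `issuer_pub` with a one-line comment, so a reader copying the snippet does not hand private key material to the registration and verification paths; a comment on what `_level` and `_summary` in `Ok (stmt, _level, _summary)` mean would also help. Minor: the installation fence under `## Installation` has no language tag while the next one is tagged `ocaml`; tagging it `sh` keeps the two consistent.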