Skip to content

[SDK-002] Add Ed25519 signing module #4

Open
Open
[SDK-002] Add Ed25519 signing module#4
Labels
blockedWaiting on another issue or external dependency.poc-criticalMust be complete before PoC deployment.security-sensitiveTouches signing, tokens, keypairs, or Tier D paths.

Description

@AdeGneus
AdeGneus
opened on May 15, 2026

Context

The CLI and Skills Hub need one SDK-owned implementation of Ed25519 signature parsing and verification so signing behavior does not drift across repos.

Scope

  • Create ori_sdk/signing.py.
  • Implement verify_skill_signature, sign_skill, and BUNDLED_SENTINEL = "bundled".
  • Use cryptography for Ed25519 operations.
  • Add test vectors from ori-specs/signing/v1.md.
  • Expose typed SignatureVerificationError.

Non-Goals

  • Does not implement the Hub publish endpoint.
  • Does not accept bundled for community-distributed skills.
  • Does not use PyNaCl.

Technical Specification

verify_skill_signature(tarball_bytes: bytes, signature_str: str, public_key_b64: str) -> bool verifies ed25519:<base64> signatures. sign_skill(tarball_bytes: bytes, private_key_bytes: bytes) -> str returns the same format. Missing cryptography must fail clearly.

Acceptance Criteria

  • Uses cryptography, not PyNaCl.
  • Invalid prefix/base64/signature raises typed errors.
  • Spec test vectors pass.
  • pytest, mypy, and ruff pass.

Tests Required

Test Verifies
test_verify_signature_vector Spec vector verifies.
test_rejects_bad_prefix Non-ed25519 signature rejected.
test_sign_skill_round_trip Generated signature verifies.

Additional Test Coverage / Edge Cases

  • Verify known-good Ed25519 test vectors from ori-specs/signing/v1.md.
  • Reject malformed signature prefixes, invalid base64, wrong public-key length, and tampered payload bytes.
  • Confirm signatures generated by sign_skill verify with verify_skill_signature.
  • Confirm signatures from cryptography are interoperable with runtime verification expectations.
  • Confirm bundled is treated as a sentinel value only where explicitly allowed, not as a valid community signature.
  • Test missing optional dependency/error path if cryptography import is unavailable or mocked unavailable.

Invariants — Do Not Violate

  • Security-sensitive Ed25519 work uses cryptography for runtime interoperability.

Dependencies

Blocked by:

Unblocks:

Contract References

  • ori-specs/signing/v1.md
  • Runtime ori/skills/signing.py

Priority

poc-critical

Suggested Labels

blocked, poc-critical, security-sensitive

Metadata

Metadata

Assignees

No one assigned

    Labels

    blockedWaiting on another issue or external dependency.poc-criticalMust be complete before PoC deployment.security-sensitiveTouches signing, tokens, keypairs, or Tier D paths.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions