CDCavell.AsiBackbone.Signing.LocalDevelopment
1.2.1
AsiBackbone.Signing.LocalDevelopment
Additional DetailsThis package ID has been superseded by the simplified AsiBackbone.* package line starting with version 2.0.0. This is a project/package namespace rename, not a critical bug or security deprecation. Please migrate to the corresponding AsiBackbone.* package and update using statements from CDCavell.AsiBackbone.* to AsiBackbone.*.
dotnet add package CDCavell.AsiBackbone.Signing.LocalDevelopment --version 1.2.1
NuGet\Install-Package CDCavell.AsiBackbone.Signing.LocalDevelopment -Version 1.2.1
<PackageReference Include="CDCavell.AsiBackbone.Signing.LocalDevelopment" Version="1.2.1" />
<PackageVersion Include="CDCavell.AsiBackbone.Signing.LocalDevelopment" Version="1.2.1" />
<PackageReference Include="CDCavell.AsiBackbone.Signing.LocalDevelopment" />
paket add CDCavell.AsiBackbone.Signing.LocalDevelopment --version 1.2.1
#r "nuget: CDCavell.AsiBackbone.Signing.LocalDevelopment, 1.2.1"
#:package CDCavell.AsiBackbone.Signing.LocalDevelopment@1.2.1
#addin nuget:?package=CDCavell.AsiBackbone.Signing.LocalDevelopment&version=1.2.1
#tool nuget:?package=CDCavell.AsiBackbone.Signing.LocalDevelopment&version=1.2.1
CDCavell.AsiBackbone.Signing.LocalDevelopment
CDCavell.AsiBackbone.Signing.LocalDevelopment provides a local-development RSA signing and verification provider for exercising AsiBackbone signing abstractions without Azure Key Vault, HSM, cloud KMS, certificate-store, or external infrastructure dependencies.
New to AsiBackbone? Start with the concept, not this package: Intent to Execution: An Accountability Pattern and the documentation site. This README covers one package in the family.
Important: This package is intended for local development, samples, and tests. It is not a production managed-key provider and does not provide tamper-evidence, immutability, legal non-repudiation, compliance certification, or protected key custody by itself.
Boundary
This package implements:
IAsiBackboneSigningServiceIAsiBackboneSignatureVerificationService
It signs the SigningRequest.SigningHash value using an in-process RSA key generated for the service instance and returns provider-neutral SigningMetadata.
Core remains provider-neutral. CDCavell.AsiBackbone.Core does not reference this package.
Metadata returned
Successful signing results include:
- signing hash
- hash algorithm
- Base64 signature value
- signature algorithm descriptor
- key ID
- key version
- provider descriptor
- signed UTC timestamp
- local-development warning metadata
Signing failures in normal flow return unsigned signing metadata with explicit signing_status, failure_code, and failure_message values unless the host opts out by setting ReturnUnsignedOnFailure = false.
Example registration
var localSigningOptions = LocalDevelopmentSigningOptions.Create(
keyId: "sample-local-dev-key",
keyVersion: "dev");
var localSigningService = new LocalDevelopmentSigningService(localSigningOptions);
builder.Services.AddSingleton(localSigningService);
builder.Services.AddSingleton<IAsiBackboneSigningService>(localSigningService);
builder.Services.AddSingleton<IAsiBackboneSignatureVerificationService>(localSigningService);
Example flow
AuditLedgerRecord
-> CanonicalPayloadBuilder.ForAuditLedgerRecord(...)
-> CanonicalPayloadHasher.ComputeHash(...)
-> SigningRequest
-> LocalDevelopmentSigningService.SignAsync(...)
-> SignatureVerificationRequest
-> LocalDevelopmentSigningService.VerifyAsync(...)
Non-goals
This package does not:
- integrate with Azure Key Vault, Managed HSM, local machine certificate stores, or cloud KMS services;
- persist private key material;
- provide production key rotation;
- provide legal non-repudiation;
- verify an audit hash chain;
- provide immutable storage or external anchoring;
- make unsigned, signed, or verified records tamper-evident by default.
Use a managed-key or HSM-backed provider for production workflows where signing is part of a security or audit-control boundary.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- CDCavell.AsiBackbone.Core (>= 1.2.1)
- CDCavell.AsiBackbone.DependencyInjection (>= 1.2.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.