Release v2.0.0

@xlloit xlloit released this 29 May 15:08
· 13 commits to main since this release
8b9509e

TKeeper moved from “sign arbitrary bytes” to an authority-bound signing model.
This is a major release with API, SDK, build, and runtime changes.

Highlights

  • Introduced authority-bound key usage with policy evaluation before crypto operations.
  • Added command artifact signing flow (arbitrary, typed, evm, bitcoin, x509).
  • Added mono quorum mode (1-of-1) and promotion to threshold.
  • Split optional capabilities into feature modules.
  • Updated SDK to 2.0.0 for the new API model.
  • Migrated crypto foundation from tss4j references to Anvil stack.
  • TKeeper now supports only Java 25+ runtimes.

Breaking Changes

  • POST /sign no longer accepts standalone hash + algorithm in the old shape.
  • Key authorities now must be either:
    • arbitrary only, or
    • one or more concrete authorities
  • Mixing arbitrary with concrete authorities is rejected.
  • API surface standardized under /v2 endpoints.
  • SDK naming changes:
    • SigMethod replaced by SigScheme
    • new authority and command artifact models required in request payloads.

New Capabilities

  • New command artifacts:
    • ArbitraryData
    • TypedData
    • UnsignedEvmTransaction
    • UtxoInput
    • TBSDerEncoded
  • New endpoint:
    • POST /v2/keeper/quorum/promote
  • Trusted Dealer improvements:
    • authority-aware import
    • metadata/commitment persistence parity with DKG-generated keys
    • mono mode support

Quorum Modes

  • Added explicit QuorumMode:
    • mono (1-of-1)
    • threshold (t-of-n)
  • Added mono-specific flows for:
    • key generation
    • signing sessions
    • ECIES decrypt
    • destroy lifecycle
  • Added promotion flow from mono to threshold:
    • creates next generation
    • redistributes key material to peer shares
    • rewrites local init data
    • requires restart
    • one-way migration (no rollback to mono)

Build and Packaging

  • Optional capabilities extracted into runtime feature modules:
    • authority-evm
    • authority-bitcoin
    • authority-x509
    • ecies
    • seal-aws
    • seal-gcloud
    • ui
    • integration-only:
      • failure-injection
  • Feature selection via Gradle properties:
    • -Pkeeper.features=...
    • -Pkeeper.feature.<name>=true
    • -Pkeeper.docker.features=...
  • Added shadowJarIntegration for integration builds with test-only feature injection.
  • Docker flow now expects prebuilt jar at build/docker/tkeeper.jar (no in-container jar build).
  • Runtime/toolchain upgrades:
    • Java 25 for runtime build
    • Gradle wrapper update
    • modern Shadow plugin migration

SDK 2.0.0

  • Updated models and modules to authority/command flow.
  • Added quorum promotion models and module.
  • Updated Generate, Store, Sign, Verify, Import.
  • Added new error coverage and authority-aware request types.

Security and Policy

  • Authority policy is evaluated before sensitive operations.
  • Added protections for:
    • authority mismatch attempts
    • partial peer policy tampering scenarios
    • arbitrary vs concrete authority misuse
  • Audit now includes policy evaluation context for authority decisions.

Integration and Testing

  • Integration tests split into:
    • functional
    • performance
  • Added coverage for:
    • authority policies and effects
    • EVM/Bitcoin/X509 payload handling
    • four-eye/time-policy edge cases
    • trusted dealer + import lifecycle
    • mono mode and promotion
    • byzantine/failure injection scenarios
    • ECIES mono/threshold paths

Documentation and OpenAPI

  • OpenAPI updated for /v2 model and new request/response schemas.
  • Documentation expanded across docs/:
    • overview
    • authorities
    • signing
    • key lifecycle
    • trusted dealer
    • ECIES
    • security quorum mode guidance
    • build/docker flows
    • threat model links and structure refresh