Custody and wallet
Secure messaging.
Identity-bound encrypted messaging. Each message is signed by the sender DID and encrypted to the recipient's wallet key.
- STATUS
- Testnet
- CRATE
- tenzro-crypto
- STABILITY
- Beta
- TYPE
- Component
01
Model
Per-message X25519 ephemeral keys derive an AES-256-GCM key via HKDF. Sender signs the ciphertext with their wallet's Ed25519 key.
02
A2A integration
Agent messages over A2A use this envelope by default. Recipients verify the sender DID against the on-chain identity registry before decrypting.
03
Hybrid PQ
PQ migration applies the same hybrid composite as the wallet: ML-KEM-768 wraps the symmetric key alongside X25519. Both legs must succeed.
Related