RootKeyRecord
PQSafe AgentPay API Reference v0.1.0
PQSafe AgentPay API Reference / RootKeyRecord
Interface: RootKeyRecord
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:75
Root key record. The secret key never leaves the HSM. Only the public key and metadata are stored in this record.
Extends
Properties
createdAt
createdAt:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:60
ISO timestamp: when this key was generated.
Inherited from
hsmProvider
hsmProvider:
"yubikey"|"aws-cloudhsm"|"google-cloud-kms"|"software-dev-only"
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:87
HSM provider used in production. ‘yubikey’ or ‘cloud-hsm’ acceptable for v1.
issuerAddress
issuerAddress:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:82
PQSafe issuer address derived from this root key. pq1 + keccak256(publicKey)[0:20] as hex.
keyId
keyId:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:54
Unique key ID (UUID v4). Used in certificates and audit logs.
Inherited from
publicKey
publicKey:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:58
Hex-encoded public key bytes.
Inherited from
revoked
revoked:
boolean
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:66
Whether this key has been explicitly revoked (epoch advance or root revocation).
Inherited from
revokedAt?
optionalrevokedAt?:string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:68
ISO timestamp of revocation (if revoked = true).
Inherited from
type
type:
"root"
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:76
validFrom
validFrom:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:62
ISO timestamp: not valid before this time.
Inherited from
validUntil
validUntil:
string
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:64
ISO timestamp: not valid after this time.
Inherited from
variant
variant:
"ml-dsa-87"
Defined in: pqsafe/agent-pay/src/sprint2/issuer.ts:77
ML-DSA variant for this key.