test-vectors/approval.json

{
  "version": 2,
  "vectors": [
    {
      "description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",
      "domain": "shade-link-approve-v1",
      "requestId": "aabbccddeeff00112233445566778899",
      "hostFingerprint": "11111 22222 33333 44444",
      "requestingDeviceFingerprint": "55555 66666 77777 88888",
      "decision": "approve",
      "signingPayload": "001573686164652d6c696e6b2d617070726f76652d76310020616162626363646465656666303031313232333334343535363637373838393900173131313131203232323232203333333333203434343434001735353535352036363636362037373737372038383838380007617070726f7665"
    },
    {
      "description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",
      "domain": "shade-link-approve-v1",
      "requestId": "aabbccddeeff00112233445566778899",
      "hostFingerprint": "11111 22222 33333 44444",
      "requestingDeviceFingerprint": "55555 66666 77777 88888",
      "decision": "reject",
      "signingPayload": "001573686164652d6c696e6b2d617070726f76652d7631002061616262636364646565666630303131323233333434353536363737383839390017313131313120323232323220333333333320343434343400173535353535203636363636203737373737203838383838000672656a656374"
    },
    {
      "description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",
      "domain": "prism-link-approve-v1",
      "requestId": "00000000000000000000000000000000",
      "hostFingerprint": "a",
      "requestingDeviceFingerprint": "b",
      "decision": "approve",
      "signingPayload": "0015707269736d2d6c696e6b2d617070726f76652d7631002030303030303030303030303030303030303030303030303030303030303030300001610001620007617070726f7665"
    },
    {
      "description": "V4.10 approval Ed25519 sign/verify (deterministic seed)",
      "seed": "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f",
      "publicKey": "7776e870b93354f2a0b24c23f2a36cc4e80e223218c1b97926fdd018396a2b9b",
      "request": {
        "requestId": "cafebabe1234567890abcdef00112233",
        "hostFingerprint": "host-fp",
        "requestingDeviceFingerprint": "req-fp",
        "decision": "approve",
        "domain": "shade-link-approve-v1"
      },
      "signingPayload": "001573686164652d6c696e6b2d617070726f76652d7631002063616665626162653132333435363738393061626364656630303131323233330007686f73742d667000067265712d66700007617070726f7665",
      "signature": "2a60910d161466a10c5b256548267c6d58f7b25d6035dae4c7ab7770dfb1fe321c5b86120749544d18d0f40e1a3e9ca713724692e265083160da23cee926220e"
    }
  ]
}
android: V4.9 + V4.10 Kotlin ports + KeystoreStorage adapter Pure-JVM additions to shade-android (no Android SDK needed): - V4.9 blob primitives: BlobKdf (HKDF deriveBlobSlotId/Key/SigningSeed), BlobAead (nonce\|\|ct\|\|tag with shade-profile-aad-v1:<slot> AAD), BlobClient (java.net.http with hand-written canonical JSON signing matching TS signPayload output), Profile high-level namespace. - V4.10 approval helpers: CanonicalProfileBlob schema with denormalized trustedApproverFingerprints, build/sign/verify proxy approvals via length-prefixed u16 BE UTF-8 canonical signing payload. - Password KDFs: scrypt + argon2id via Bouncy Castle, NFKC-normalized. - SessionStateJson at-rest serializer for persistence layer. Cross-platform vectors (test-vectors/blob.json, approval.json) gate byte-identical output between TS and Kotlin, including a TS-signed Ed25519 signature the Kotlin port verifies and reproduces (Ed25519 is deterministic). New shade-android-keystore sibling Gradle module (Android-specific): - KeystoreMasterKey: hardware-backed AES-256-GCM with BIOMETRIC_STRONG gating, StrongBox-backed when available, invalidated on enrollment. - BiometricUnlock: coroutine wrapper around BiometricPrompt with tagged cancellation/failure exceptions. - KeystoreStorage: StorageProvider over biometric-gated AES-encrypted SharedPreferences with AAD-bound row keys. All 25 SDK packages typecheck clean; 104 SDK tests + 24 new Kotlin tests + 11 cross-platform vector tests all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-09 17:38:15 +02:00			`{`
			`"version": 2,`
			`"vectors": [`
			`{`
			`"description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",`
			`"domain": "shade-link-approve-v1",`
			`"requestId": "aabbccddeeff00112233445566778899",`
			`"hostFingerprint": "11111 22222 33333 44444",`
			`"requestingDeviceFingerprint": "55555 66666 77777 88888",`
			`"decision": "approve",`
			`"signingPayload": "001573686164652d6c696e6b2d617070726f76652d76310020616162626363646465656666303031313232333334343535363637373838393900173131313131203232323232203333333333203434343434001735353535352036363636362037373737372038383838380007617070726f7665"`
			`},`
			`{`
			`"description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",`
			`"domain": "shade-link-approve-v1",`
			`"requestId": "aabbccddeeff00112233445566778899",`
			`"hostFingerprint": "11111 22222 33333 44444",`
			`"requestingDeviceFingerprint": "55555 66666 77777 88888",`
			`"decision": "reject",`
			`"signingPayload": "001573686164652d6c696e6b2d617070726f76652d7631002061616262636364646565666630303131323233333434353536363737383839390017313131313120323232323220333333333320343434343400173535353535203636363636203737373737203838383838000672656a656374"`
			`},`
			`{`
			`"description": "V4.10 approval signing payload (length-prefixed u16 BE UTF-8)",`
			`"domain": "prism-link-approve-v1",`
			`"requestId": "00000000000000000000000000000000",`
			`"hostFingerprint": "a",`
			`"requestingDeviceFingerprint": "b",`
			`"decision": "approve",`
			`"signingPayload": "0015707269736d2d6c696e6b2d617070726f76652d7631002030303030303030303030303030303030303030303030303030303030303030300001610001620007617070726f7665"`
			`},`
			`{`
			`"description": "V4.10 approval Ed25519 sign/verify (deterministic seed)",`
			`"seed": "101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f",`
			`"publicKey": "7776e870b93354f2a0b24c23f2a36cc4e80e223218c1b97926fdd018396a2b9b",`
			`"request": {`
			`"requestId": "cafebabe1234567890abcdef00112233",`
			`"hostFingerprint": "host-fp",`
			`"requestingDeviceFingerprint": "req-fp",`
			`"decision": "approve",`
			`"domain": "shade-link-approve-v1"`
			`},`
			`"signingPayload": "001573686164652d6c696e6b2d617070726f76652d7631002063616665626162653132333435363738393061626364656630303131323233330007686f73742d667000067265712d66700007617070726f7665",`
			`"signature": "2a60910d161466a10c5b256548267c6d58f7b25d6035dae4c7ab7770dfb1fe321c5b86120749544d18d0f40e1a3e9ca713724692e265083160da23cee926220e"`
			`}`
			`]`
			`}`