bitwarden
diff --git a/‎Cargo.lock
+5 b/‎Cargo.lock
+5
diff --git a/‎crates/bitwarden-crypto/Cargo.toml
+1 b/‎crates/bitwarden-crypto/Cargo.toml
+1
diff --git a/‎crates/bitwarden-crypto/src/cose.rs
+5 b/‎crates/bitwarden-crypto/src/cose.rs
+5
diff --git a/‎crates/bitwarden-crypto/src/error.rs
+6 b/‎crates/bitwarden-crypto/src/error.rs
+6
diff --git a/‎crates/bitwarden-crypto/src/keys/key_id.rs
+7 b/‎crates/bitwarden-crypto/src/keys/key_id.rs
+7
diff --git a/‎crates/bitwarden-crypto/src/keys/mod.rs
+1 b/‎crates/bitwarden-crypto/src/keys/mod.rs
+1
@@ -33,6 +33,7 @@ cbc = { version = ">=0.1.2, <0.2", features = ["alloc", "zeroize"] }
 chacha20poly1305 = { version = "0.10.1" }
 ciborium = { version = ">=0.2.2, <0.3" }
 coset = { version = ">=0.3.8, <0.4" }
+ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
 generic-array = { version = ">=0.14.7, <1.0", features = ["zeroize"] }
 hkdf = ">=0.12.3, <0.13"
 hmac = ">=0.12.1, <0.13"
 
@@ -16,6 +16,11 @@ use crate::{
 /// the draft was never published as an RFC, we use a private-use value for the algorithm.
 pub(crate) const XCHACHA20_POLY1305: i64 = -70000;
 
+// Labels
+//
+// The label used for the namespace ensuring strong domain separation when using signatures.
+pub(crate) const SIGNING_NAMESPACE: i64 = -80000;
+
 /// Encrypts a plaintext message using XChaCha20Poly1305 and returns a COSE Encrypt0 message
 pub(crate) fn encrypt_xchacha20_poly1305(
     plaintext: &[u8],
 
@@ -56,6 +56,12 @@ pub enum CryptoError {
 
     #[error("Invalid nonce length")]
     InvalidNonceLength,
+
+    #[error("Invalid signature")]
+    InvalidSignature,
+
+    #[error("Invalid namespace")]
+    InvalidNamespace,
 }
 
 #[derive(Debug, Error)]
 
@@ -9,6 +9,7 @@ pub(crate) const KEY_ID_SIZE: usize = 16;
 /// A key id is a unique identifier for a single key. There is a 1:1 mapping between key ID and key
 /// bytes, so something like a user key rotation is replacing the key with ID A with a new key with
 /// ID B.
+#[derive(Clone)]
 pub(crate) struct KeyId(uuid::Uuid);
 
 /// Fixed length identifiers for keys.
@@ -38,6 +39,12 @@ impl From<KeyId> for [u8; KEY_ID_SIZE] {
     }
 }
 
+impl From<&KeyId> for Vec<u8> {
+    fn from(key_id: &KeyId) -> Self {
+        key_id.0.as_bytes().to_vec()
+    }
+}
+
 impl From<[u8; KEY_ID_SIZE]> for KeyId {
     fn from(bytes: [u8; KEY_ID_SIZE]) -> Self {
         KeyId(Uuid::from_bytes(bytes))
 
@@ -14,6 +14,7 @@ mod asymmetric_crypto_key;
 pub use asymmetric_crypto_key::{
     AsymmetricCryptoKey, AsymmetricEncryptable, AsymmetricPublicCryptoKey,
 };
+mod signing_crypto_key;
 mod user_key;
 pub use user_key::UserKey;
 mod device_key;