SDK Implementation Overview
I. SDK Philosophy and Implementation
The GetTrusted Mobile Identity System is built around a core Software Development Kit (SDK) implemented in Rust. This design choice ensures that all critical security and networking logic is handled in a single, highly performant, and memory-safe codebase, minimizing the attack surface within the higher-level mobile application framework. It also brings cross-compilation benefits: the same code can be used across iOS, macOS, Android, Linux, and Windows.
Key Implementation Details
Core Language: Rust
Benefit: Provides robust memory safety (eliminating null pointers, buffer overflows) and high performance, which is crucial for cryptographic operations.
Benefit: Facilitates cross-compilation, allowing the core logic to be easily compiled into libraries for iOS, Android, and other platforms, ensuring consistency across the ecosystem.
Platform Integration:
Platform-specific components (Layers 1 and 2, e.g., accessing the Secure Enclave) are implemented in Rust where available or, when necessary, in native code (e.g., Swift/Kotlin wrappers) which call into the Rust SDK via Foreign Function Interfaces (FFI).
This is achieved through factory patterns to dynamically select the correct native implementation at runtime.
Mobile Client/UI Layer:
The user interface is implemented using the Ionic and Capacitor frameworks. This enables cross-platform capabilities on iOS and Android and simplifies mobile development to React-based development.
The mobile application is intentionally designed to be "dumb," relying on the SDK for all business logic, key management, and communication.
The SDK communicates with the mobile application layer exclusively through events, ensuring clear separation between the presentation layer and the secure identity core.
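As an added illustration (not code from the GetTrusted SDK), this Rust sketch shows the two mechanisms described above: a factory that selects a key-store implementation at runtime, and a core that reports to the UI layer only through events. All type, function and backend names, and the rule that identity creation requires a hardware-backed store, are assumptions made for the example.

```rust
use std::sync::mpsc::{channel, Receiver, Sender};
// Sketch only: every name is hypothetical, none is a GetTrusted SDK API.
pub enum Platform { Ios, Android, Other }
pub struct Backend { pub name: &'static str, pub hardware_backed: bool }
pub trait KeyStore { fn info(&self) -> Backend; } // keys never leave the store
struct SecureEnclaveStore; // stand-in for a Swift wrapper reached over FFI
struct AndroidKeystore;    // stand-in for a Kotlin wrapper reached over FFI
struct SoftwareStore;      // pure-Rust fallback without hardware isolation
impl KeyStore for SecureEnclaveStore {
    fn info(&self) -> Backend { Backend { name: "secure-enclave", hardware_backed: true } }
}
impl KeyStore for AndroidKeystore {
    fn info(&self) -> Backend { Backend { name: "android-keystore", hardware_backed: true } }
}
impl KeyStore for SoftwareStore {
    fn info(&self) -> Backend { Backend { name: "software", hardware_backed: false } }
}

/// Factory: the native implementation is selected at runtime, inside the SDK.
pub fn key_store_for(p: Platform) -> Box<dyn KeyStore> {
    match p {
        Platform::Ios => Box::new(SecureEnclaveStore),
        Platform::Android => Box::new(AndroidKeystore),
        Platform::Other => Box::new(SoftwareStore),
    }
}

/// The only data that crosses into the UI layer: outcomes, never key material.
#[derive(Debug, PartialEq)]
pub enum SdkEvent { IdentityReady { backend: &'static str }, Rejected { reason: &'static str } }
pub struct Sdk { store: Box<dyn KeyStore>, events: Sender<SdkEvent> }
impl Sdk {
    pub fn start(p: Platform) -> (Sdk, Receiver<SdkEvent>) {
        let (events, ui) = channel();
        (Sdk { store: key_store_for(p), events }, ui)
    }
    pub fn create_identity(&self) {
        let b = self.store.info(); // assumed policy: hardware-backed store required
        let ev = match b.hardware_backed {
            true => SdkEvent::IdentityReady { backend: b.name },
            false => SdkEvent::Rejected { reason: "no hardware-backed key store" },
        };
        let _ = self.events.send(ev); // a closed UI channel is not an SDK error
    }
}
fn main() {
    let (sdk, ui) = Sdk::start(Platform::Other);
    sdk.create_identity();
    println!("{:?}", ui.recv().unwrap());
}
```

The UI side holds only the `Receiver`, so the policy decision and the key-store handle stay inside the core.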
II. SDK Responsibilities
The SDK acts as the exclusive gatekeeper for all external communications and security operations, eliminating the need for the mobile application to handle sensitive data or complex protocols.
Responsibility: Description
Cryptographic Operations: Executes all identity creation (BIP39, PBKDF2), key derivation, data encryption (AES-GCM), and X.509 certificate generation/validation.
Communication Layer: Manages all network traffic, including direct API calls and persistent WebSockets to the API Server and Attestation Server.
Authentication & Validation: Generates, signs, and validates the authentication JWTs containing Device ID, permissions, and Hardware/Key Attestation Tokens. Answers challenges and provides responses.
Key & Storage Abstraction: Manages the secure storage of Device Keys and Certificates within platform-specific HSMs and Keystores (Layer 3).
Trust Event Logging: Coordinates the submission of all critical trust events (creation, recovery, trust exchange) to the Attestation Server's public, verifiable log.
III. Layered SDK Architecture
The SDK is organized into a five-layer architecture, with clear separation of concerns, ensuring hardware isolation is enforced at the lowest levels and business logic is handled at the highest.