Metadata-Version: 2.4
Name: fait-prism-core
Version: 1.0.1
Summary: Cryptographic primitives for biometric template protection and key management.
License: Apache-2.0
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: numpy>=1.24
Requires-Dist: pycryptodome>=3.19
Requires-Dist: cryptography>=41.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: cython>=3.0; extra == "dev"
Dynamic: license-file

# prism-core

Cryptographic primitives for biometric template protection and key management.

## Install

```bash
pip install prism-core
```

## Modules

| Module | Class | Description |
|--------|-------|-------------|
| `prism.fuzzy` | `FuzzyExtractor` | Sample-then-Lock (STL) biometric template protection |
| `prism.keys` | `KeyDerivationManager` | HKDF-SHA256 hierarchical key derivation |
| `prism.vault` | `AESVault` | AES-256-GCM authenticated encryption for numpy arrays and bytes |
| `prism.limiter` | `RateLimiter` | Sliding-window rate limiter with auto-suspension |

## Quick Start

```python
from prism import FuzzyExtractor, KeyDerivationManager, AESVault, RateLimiter

# --- Fuzzy Extractor ---
fe = FuzzyExtractor(n_lockers=1024, locker_size=8)
import numpy as np
feature = np.random.randn(1, 192).astype(np.float32)
secret = b"my-16-byte-key!!"
helper = fe.lock_secret(feature, secret)
recovered, stats = fe.unlock_secret(feature, helper)
assert recovered == secret

# --- Key Derivation ---
km = KeyDerivationManager(key_source=b"\x00" * 32)  # or path to key file
wallet_key = km.derive("myapp:wallet")
user_fernet = km.get_user_fernet("user-123")

# --- AES Vault ---
vault = AESVault()
import os
key = os.urandom(32)
arr = np.random.randn(1, 100).astype(np.float32)
record = vault.encrypt(key, arr)
decrypted = vault.decrypt(key, record)

# --- Rate Limiter ---
rl = RateLimiter(soft_limit=5, hard_limit=10, window_seconds=60)
allowed, msg = rl.check_and_record("device-001")
```

## License

Apache 2.0
