Aries and Askar Wallet

RTGS.global uses the Aries cloud agent with data persisted in the Askar wallet to support digital signatures.

Aries Agent

The Aries agent installation comprises two components:

  • The agent instance (ACA-Py) operating in a managed container environment
  • A PostgreSQL data store containing the encrypted Askar wallet

Askar Wallet

The wallet provides secure, encrypted-at-rest storage and key management. The wallet encryption key is created during installation and stored as a mounted secret.

The storage uses an enhanced SQLCipher implementation with the following improvements over defaults:

Setting                      Value
HMAC algorithm               HMAC-SHA256 (vs HMAC-SHA1)
Passphrase key derivation    PBKDF2 100K rounds (vs 64K)
HMAC key derivation          PBKDF2 10 rounds (vs 2)
Page size                    2K (vs 1K)
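
The settings in the table can be made concrete with a small model of the two-stage key derivation and the per-page integrity check. This is an added example, not Askar or SQLCipher source code. The salt mask, the 32-byte key length, the use of the HMAC digest as the PBKDF2 PRF and the page-number binding are assumptions modelled on SQLCipher's design, and the passphrase, salt and page bytes are constructed.

```python
import hashlib
import hmac

# The two columns of the table above, as settings profiles.
DEFAULTS = {"digest": "sha1", "kdf_rounds": 64_000, "hmac_kdf_rounds": 2, "page_size": 1024}
HARDENED = {"digest": "sha256", "kdf_rounds": 100_000, "hmac_kdf_rounds": 10, "page_size": 2048}

KEY_LEN = 32      # assumption: 256-bit keys
SALT_MASK = 0x3A  # assumption: SQLCipher-style mask so the HMAC salt differs from the KDF salt


def derive_keys(passphrase, salt, profile):
    """Return (encryption_key, hmac_key) for one settings profile."""
    digest = profile["digest"]  # assumption: same digest is used as the PBKDF2 PRF
    enc_key = hashlib.pbkdf2_hmac(digest, passphrase, salt, profile["kdf_rounds"], KEY_LEN)
    # The HMAC key is derived from the encryption key, not the passphrase,
    # so every passphrase guess still costs the full first stage.
    hmac_salt = bytes(b ^ SALT_MASK for b in salt)
    hmac_key = hashlib.pbkdf2_hmac(digest, enc_key, hmac_salt, profile["hmac_kdf_rounds"], KEY_LEN)
    return enc_key, hmac_key


def page_tag(hmac_key, page_no, page_bytes, profile):
    """MAC one stored page, bound to its page number so pages cannot be swapped."""
    message = page_bytes + page_no.to_bytes(4, "little")
    return hmac.new(hmac_key, message, profile["digest"]).digest()


def verify_page(hmac_key, page_no, page_bytes, tag, profile):
    """Constant-time check to run before a page is decrypted or used."""
    return hmac.compare_digest(page_tag(hmac_key, page_no, page_bytes, profile), tag)


if __name__ == "__main__":
    passphrase, salt = b"constructed-passphrase", bytes(range(16))  # constructed inputs
    for name, profile in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        _, mac_key = derive_keys(passphrase, salt, profile)
        page = bytes(profile["page_size"])  # constructed stand-in for an encrypted page
        tag = page_tag(mac_key, 1, page, profile)
        flipped = bytes([page[0] ^ 1]) + page[1:]
        print(name, "tag bytes:", len(tag),
              "intact:", verify_page(mac_key, 1, page, tag, profile),
              "bit flipped:", verify_page(mac_key, 1, flipped, tag, profile),
              "moved to page 2:", verify_page(mac_key, 2, page, tag, profile))
```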

Signature Generation

Digital signatures combine two elements:

  • The public DID associated with an organisation's gateway (established during onboarding and recorded on the blockchain ledger)
  • A private DID linked to the message recipient (created when a relationship forms between network participants)

Private DIDs and their associated connections are rotated regularly for security.

The system uses the Ed25519 algorithm to generate a digital signature over the request payload and associated metadata. The signature is formatted as a JWT-like structure, attached to the message headers as rtgs-global-sig, and verified by the recipient before the message is processed.

All messages transiting the network are also recorded in an immutable data store for auditing purposes.