remove duplicated types, add license and readme files

Author: wolfv

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 [workspace.package]
 version = "0.1.1"
 edition = "2021"
-license = "Apache-2.0"
+license = "BSD-3-Clause"
 repository = "https://github.com/sigstore/sigultimate"
 rust-version = "1.70"
 

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2025, prefix.dev GmbH.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

crates/sigstore-bundle/README.md

@@ -0,0 +1,55 @@
+# sigstore-bundle
+
+Bundle format handling for [sigstore-rust](https://github.com/sigstore/sigstore-rust).
+
+## Overview
+
+This crate handles Sigstore bundle creation, parsing, and validation. A Sigstore bundle is a self-contained package that includes a signature, verification material (certificates or public keys), and transparency log entries.
+
+## Features
+
+- **Bundle parsing**: Load bundles from JSON (v0.1, v0.2, v0.3 formats)
+- **Bundle creation**: Build bundles programmatically with `BundleBuilder`
+- **Validation**: Structural validation of bundle contents
+- **Version handling**: Support for multiple bundle format versions
+- **Media type detection**: Automatic format detection from media type
+
+## Bundle Versions
+
+| Version | Media Type | Notes |
+|---------|------------|-------|
+| 0.1 | `application/vnd.dev.sigstore.bundle+json;version=0.1` | Legacy format |
+| 0.2 | `application/vnd.dev.sigstore.bundle+json;version=0.2` | Added DSSE support |
+| 0.3 | `application/vnd.dev.sigstore.bundle.v0.3+json` | Current format |
+
+## Usage
+
+```rust
+use sigstore_bundle::{BundleBuilder, ValidationOptions};
+use sigstore_types::Bundle;
+
+// Parse a bundle
+let bundle: Bundle = serde_json::from_str(bundle_json)?;
+
+// Validate structure
+let options = ValidationOptions::default();
+sigstore_bundle::validate(&bundle, &options)?;
+
+// Build a bundle
+let bundle = BundleBuilder::new()
+    .certificate_chain(certs)
+    .signature(signature)
+    .tlog_entry(entry)
+    .build()?;
+```
+
+## Related Crates
+
+Used by:
+
+- [`sigstore-verify`](../sigstore-verify) - Parses bundles for verification
+- [`sigstore-sign`](../sigstore-sign) - Creates bundles after signing
+
+## License
+
+BSD-3-Clause

crates/sigstore-crypto/README.md

@@ -0,0 +1,55 @@
+# sigstore-crypto
+
+Cryptographic primitives for [sigstore-rust](https://github.com/sigstore/sigstore-rust).
+
+## Overview
+
+This crate provides key generation, signing, and verification functionality using `aws-lc-rs` as the cryptographic backend. It supports the key types and signature algorithms used in the Sigstore ecosystem.
+
+## Features
+
+- **Key generation**: Ed25519, ECDSA P-256, ECDSA P-384
+- **Signing and verification**: Multiple signature schemes with automatic algorithm detection
+- **Checkpoint verification**: Extension trait for verifying signed tree head signatures
+- **Certificate parsing**: X.509 certificate information extraction
+- **Keyring**: Key management for multi-key verification scenarios
+- **Hash functions**: SHA-256, SHA-384, SHA-512
+
+## Supported Algorithms
+
+| Algorithm | Key Generation | Signing | Verification |
+|-----------|---------------|---------|--------------|
+| Ed25519 | Yes | Yes | Yes |
+| ECDSA P-256 (SHA-256) | Yes | Yes | Yes |
+| ECDSA P-384 (SHA-384) | Yes | Yes | Yes |
+
+## Usage
+
+```rust
+use sigstore_crypto::{KeyPair, SigningScheme, verify_signature};
+
+// Generate a new key pair
+let keypair = KeyPair::generate(SigningScheme::EcdsaP256Sha256)?;
+
+// Sign data
+let signature = keypair.sign(b"message")?;
+
+// Verify a signature
+verify_signature(
+    &public_key_der,
+    message,
+    &signature,
+    SigningScheme::EcdsaP256Sha256,
+)?;
+```
+
+## Related Crates
+
+This crate provides cryptographic operations for:
+
+- [`sigstore-verify`](../sigstore-verify) - Signature verification
+- [`sigstore-sign`](../sigstore-sign) - Signature creation
+
+## License
+
+BSD-3-Clause