A single entry in a hash-chained append-only audit log.
Fields:
:seq— monotonically increasing position. The first entry is1.:prev_hash—content_hashof the previous entry. The genesis entry uses 32 zero bytes.:content_hash—SHA-256(prev_hash || canonical(seq, payload, inserted_at))wherecanonical/3is:erlang.term_to_binary(term, [:deterministic]). Recomputable from:prev_hash,:seq,:payload,:inserted_at—Pkcs11ex.Audit.verify/1does exactly that walk.:payload— application-defined. The library logs whatever you hand it. For signature audit, typically a map with the JWS string, signer subject_id from policy, key_ref, and any extra context.:inserted_at—DateTime.t()in UTC, second-precision (the hash uses ISO-8601 string of this).
Summary
Types
@type t() :: %Pkcs11ex.Audit.Entry{
  content_hash: <<_::256>>,
  inserted_at: DateTime.t(),
  payload: term(),
  prev_hash: <<_::256>>,
  seq: pos_integer()
}