Documentation
Functions
func SaveIdentity
func SaveIdentity(identity *IdentityInfo, path string) error
Types
type IdentityInfo
func GenerateIdentity
func GenerateIdentity() (*IdentityInfo, error)
func LoadIdentity
func LoadIdentity(path string) (*IdentityInfo, error)
type NodeKeys
type NodeKeys struct {
	LibP2PPrivateKey  ed25519.PrivateKey // Ed25519 for LibP2P identity
	LibP2PPublicKey   ed25519.PublicKey
	WireGuardKey      [32]byte // Curve25519 private key (clamped)
	WireGuardPubKey   [32]byte // Curve25519 public key
	IPFSPrivateKey    ed25519.PrivateKey
	IPFSPublicKey     ed25519.PublicKey
	ClusterPrivateKey ed25519.PrivateKey // IPFS Cluster identity
	ClusterPublicKey  ed25519.PublicKey
	JWTPrivateKey     ed25519.PrivateKey // EdDSA JWT signing key
	JWTPublicKey      ed25519.PublicKey
}
NodeKeys holds all cryptographic keys derived from a wallet's master key.
func DeriveNodeKeysFromWallet
DeriveNodeKeysFromWallet calls `rw derive` to get a master key from the user's Root Wallet, then expands it into all node keys. The wallet's private key never leaves the `rw` process.
vpsIP is used as the HKDF info parameter, so each VPS gets unique keys from the same wallet. Stdin is passed through so rw can prompt for the wallet password.
func ExpandNodeKeys
ExpandNodeKeys expands a 32-byte master key into all node keys using HKDF-SHA256. The master key should come from `rw derive --salt "orama-node" --info "<IP>"`.
Each key type uses a different HKDF info string under the salt "orama-expand", ensuring cryptographic independence between key types.
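The following sketch illustrates the per-key-type expansion described above; it is an added example, not this package's code. The label strings, the helper names and the sample master key are assumptions (the page does not list the real info strings), and HKDF is written out from RFC 5869 on the standard library so the block has no external dependency.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256 is RFC 5869 extract-then-expand using only the standard library.
func hkdfSHA256(ikm, salt, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil) // extract: PRK = HMAC(salt, IKM)
	var okm, t []byte
	for i := byte(1); len(okm) < n; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(t)
		m.Write(info)
		m.Write([]byte{i})
		t = m.Sum(nil) // expand: T(i) = HMAC(PRK, T(i-1) || info || i)
		okm = append(okm, t...)
	}
	return okm[:n]
}

// seedFor derives one key type's 32-byte seed under salt "orama-expand"; labels are hypothetical.
func seedFor(master [32]byte, label string) []byte {
	return hkdfSHA256(master[:], []byte("orama-expand"), []byte(label), 32)
}

// clampCurve25519 applies the standard X25519 scalar clamping in place.
func clampCurve25519(k []byte) []byte {
	k[0] &= 248
	k[31] = k[31]&127 | 64
	return k
}

func main() {
	var master [32]byte // constructed sample; a real master key comes from `rw derive`
	copy(master[:], "constructed-sample-master-key-00")
	for _, l := range []string{"example/libp2p", "example/ipfs", "example/cluster", "example/jwt"} {
		key := ed25519.NewKeyFromSeed(seedFor(master, l))
		fmt.Printf("%-17s pub=%x\n", l, key.Public())
	}
	wg := clampCurve25519(seedFor(master, "example/wireguard"))
	fmt.Printf("%-17s low3=%d high2=%02b\n", "example/wireguard", wg[0]&7, wg[31]>>6)
}
```

Because every seed comes from a distinct info string, disclosure of one derived key (for example the JWT signing key) reveals nothing about the others or about the master key, while re-running the expansion with the same master key reproduces all of them.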