Documentation
¶
Overview ¶
Package keysource defines the interface the daemon uses to sign receipts. The shape (Sign / PublicKey / Init / Teardown) follows ADR-0015 so PKCS#11 and cloud-KMS adapters land later as new types implementing this interface, not as a redesign of the daemon's signing path. Key rotation is daemon-level (daemon.RotateKey), not a KeySource method — see the note below the interface.
Phase 1 ships only the file-backed adapter (file.go).
Index ¶
Constants ¶
const MaxKeyFileBytes int64 = 16 * 1024
MaxKeyFileBytes is the upper bound on the PEM file size File.Init will read. Generous: a PKCS#8-wrapped Ed25519 private key is ~120 bytes and the PEM envelope adds <100 bytes; 16 KiB tolerates wrapped or commented keys while still capping memory pressure on a misconfigured path.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type File ¶
type File struct {
// Path is the PEM private-key path (PKCS#8). Required.
Path string
// VerificationMethodID is the DID URL embedded in proof.verificationMethod.
// Required: receipts with an empty verification method aren't independently
// verifiable.
VerificationMethodID string
// RequireOwnerOnly, when true, refuses to load a key whose file mode allows
// group or world access. Defaults to true; tests can disable for tmpfile
// fixtures whose perms are platform-controlled.
RequireOwnerOnly bool
// contains filtered or unexported fields
}
File is a KeySource backed by a PEM-encoded Ed25519 private key on disk. Phase 1 uses this exclusively. Future ADR-0015 adapters (PKCS#11, cloud KMS) implement KeySource alongside this type.
func (*File) VerificationMethod ¶
VerificationMethod returns the configured verification-method ID.
type KeySource ¶
type KeySource interface {
// Init loads or wires up key material. Called once at daemon startup.
// Implementations MUST fail loudly when keys are missing or malformed —
// silently signing with a default-generated key would defeat the audit
// property.
Init() error
// Sign returns the Ed25519 signature over message. The signature is the
// raw 64-byte form; the caller multibase-encodes it.
Sign(message []byte) ([]byte, error)
// PublicKey returns the PEM-encoded SPKI public key for verifiers.
PublicKey() (string, error)
// VerificationMethod returns the DID URL or other reference verifiers use
// to look up the public key. Daemon embeds this in proof.verificationMethod.
VerificationMethod() string
// Teardown wipes any in-memory key material. Called on graceful daemon
// shutdown.
Teardown() error
}
KeySource signs canonical receipt bytes and exposes the matching public key. Implementations MUST be safe for concurrent use; the daemon signs from many goroutines.