Documentation
Index
- func DecodePrivateKey(s string) (ed25519.PrivateKey, error)
- func DecodePublicKey(s string) (ed25519.PublicKey, error)
- func EncodePrivateKey(key ed25519.PrivateKey) string
- func EncodePublicKey(key ed25519.PublicKey) string
- func SaveIdentity(path string, id *Identity) error
- func Verify(publicKey ed25519.PublicKey, message, signature []byte) bool
- type Identity
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecodePrivateKey
func DecodePrivateKey(s string) (ed25519.PrivateKey, error)
DecodePrivateKey decodes a base64 private key.
func DecodePublicKey
DecodePublicKey decodes a base64 public key.
func EncodePrivateKey
func EncodePrivateKey(key ed25519.PrivateKey) string
EncodePrivateKey returns the private key as base64.
func EncodePublicKey
EncodePublicKey returns the public key as base64.
func SaveIdentity
SaveIdentity writes the identity keypair to a JSON file. Creates parent directories if needed. File is written with mode 0600.
Types
type Identity
type Identity struct {
PublicKey ed25519.PublicKey
PrivateKey ed25519.PrivateKey
}
Identity holds an Ed25519 keypair for a node.
func GenerateIdentity
GenerateIdentity creates a new random Ed25519 keypair.
func LoadIdentity
LoadIdentity reads an identity keypair from a JSON file. Returns nil, nil if the file does not exist (first run).
Emits a WARN (does NOT refuse) when the file's mode permits group or other access. The identity file contains the Ed25519 private key; SaveIdentity always writes 0o600, but an operator who created the file by hand or restored from a permissive backup can end up with 0o644 — group/other readable. The warning gives them a signal to chmod 600 without breaking existing deployments. A future release can promote the warning to a refusal once the fleet has had a release cycle to tighten permissions.
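The warn-but-load behaviour described for LoadIdentity can be sketched as follows. This is an added example, not the package's own code: `permissive` and `checkIdentityMode` are hypothetical helper names, and the temporary file stands in for a real identity file.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"log"
	"os"
)

// permissive reports whether mode grants any access to group or other,
// i.e. any permission bit outside the owner triplet is set.
func permissive(mode fs.FileMode) bool {
	return mode.Perm()&0o077 != 0
}

// checkIdentityMode is a hypothetical helper (an assumption, not the
// package's API). A missing file yields false, nil (first run). A file
// readable by group or other yields true plus a WARN; it is never refused.
func checkIdentityMode(path string) (warn bool, err error) {
	info, err := os.Stat(path)
	if errors.Is(err, fs.ErrNotExist) {
		return false, nil
	}
	if err != nil {
		return false, err
	}
	if permissive(info.Mode()) {
		log.Printf("WARN: %s has mode %04o; run chmod 600", path, info.Mode().Perm())
		return true, nil
	}
	return false, nil
}

func main() {
	// Constructed sample file; os.CreateTemp creates it with mode 0600.
	f, err := os.CreateTemp("", "identity-*.json")
	if err != nil {
		log.Fatal(err)
	}
	defer os.Remove(f.Name())
	f.Close()
	for _, m := range []fs.FileMode{0o600, 0o640, 0o644} {
		// Chmod sets the mode exactly; it is not filtered by umask.
		if err := os.Chmod(f.Name(), m); err != nil {
			log.Fatal(err)
		}
		warn, _ := checkIdentityMode(f.Name())
		fmt.Printf("mode %04o warn=%v\n", m, warn)
	}
}
```

The mask `0o077` also catches modes such as 0o640 or 0o604, which expose the private key to a single extra class of users and are easy to miss when checking only for 0o644.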