729921e16e
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
package cybersecurity
import (
"crypto/ed25519"
"crypto/rand"
"golang.org/x/crypto/nacl/box"
)
// Identity is the long-term key material of one messaging participant.
// It pairs two independent keypairs: Ed25519 for signatures and X25519
// for key exchange.
//
// SignPriv and KexPriv are secret. All four fields are exported plain
// byte slices, so formatting the struct with %v/%+v or passing it to
// encoding/json will include the private keys; hand only the public
// halves to code that logs, serializes or transmits.
//
// NOTE(review): the struct itself does not bind KexPub to SignPub. A
// protocol that needs to know both keys belong to the same participant
// has to authenticate that separately; confirm how callers do this.
type Identity struct {
	// Ed25519 signing keypair: 32-byte public key and 64-byte private key.
	SignPub, SignPriv []byte

	// X25519 key-exchange keypair: 32-byte public key and 32-byte private key.
	KexPub, KexPriv []byte
}
// GenerateIdentity returns an Identity holding a fresh Ed25519 signing
// keypair and a fresh X25519 key-exchange keypair, both drawn from
// crypto/rand.Reader.
//
// If either generator fails, its error is returned unchanged together
// with a zero Identity, so a caller never receives a half-populated key
// set.
//
// The returned value carries both private keys in ordinary heap memory;
// nothing in this function zeroes or otherwise protects them afterwards.
func GenerateIdentity() (Identity, error) {
	// Signing half: ed25519.GenerateKey returns the public and private keys.
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Identity{}, err
	}

	// Key-exchange half: nacl/box generates a Curve25519 keypair and
	// returns pointers to two 32-byte arrays.
	curvePub, curvePriv, err := box.GenerateKey(rand.Reader)
	if err != nil {
		return Identity{}, err
	}

	var id Identity
	id.SignPub = []byte(edPub)
	id.SignPriv = []byte(edPriv)
	// Slicing the arrays aliases the storage box.GenerateKey allocated;
	// no copy is made.
	id.KexPub = curvePub[:]
	id.KexPriv = curvePriv[:]
	return id, nil
}