# memokey
**memokey** is a Rust CLI tool for **generating, managing, and verifying Ed25519 keys** for the [memobuild](https://github.com/nrelab/memobuild) supply-chain system.
It provides a Sigstore-style workflow for signing artifacts, maintaining decentralized trust keyrings, and computing key fingerprints.
---
## Features
- Generate Ed25519 key pairs
- Export public keys in **PEM format**
- Compute SHA256 fingerprints for public keys
- Save keys locally in `keys/`
- Easily integrate with a **memobuild keyring**
- Modular CLI ready for **artifact signing and verification**
---
## Installation
### From crates.io
```bash
cargo install memokey
````
### From source
```bash
git clone https://github.com/nrelab/memokey.git
cd memokey
cargo build --release
```
---
## Usage
### Generate a new key pair
```bash
memokey generate alice
```
Output:
```
=== KEY GENERATED ===
Public Key (PEM):
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA...
-----END PUBLIC KEY-----
Fingerprint:
b1d5f2c8e9...
```
Keys are saved in `keys/`:
```
keys/alice.key # Private key
keys/alice.pub # Public key
```
---
### Integrate with keyring
```bash
# Create keyring structure if not exists
mkdir -p ../keyring/{maintainers,fingerprints,revoked,transparency}
# Copy public key
cp keys/alice.pub ../keyring/maintainers/
# Generate fingerprint
Your keyring is now ready for **memobuild verification**.
---
### Future CLI Commands
* `memokey sign <artifact>` – Sign artifacts with a private key
* `memokey verify <artifact>` – Verify signatures using keyring
* `memokey fingerprint <pubkey>` – Show SHA256 fingerprint
* `memokey sync-keyring` – Update keyring from remote repo
---
## Security Notes
* **Never commit private keys** to the repo
* Use **Ed25519** keys for modern, fast, and secure signatures
* Keep `keys/` private and backed up
* Use keyring and transparency logs for decentralized trust
---
## License
MIT OR Apache-2.0
---
## Repository
[https://github.com/nrelab/memokey](https://github.com/nrelab/memokey)