Function run 

pub fn run(key_path: PathBuf, image_path: PathBuf) -> Result<()>

Verify the Ed25519 signature on a signed Hexz archive.

This function validates that the archive’s Master Index has not been modified since it was signed, and that the signature was created by the holder of the corresponding private key.

Arguments

• key_path - Path to the Ed25519 public key file (32 bytes)
• image_path - Path to the signed Hexz archive file

Process

1. Opens the archive and reads the header
2. Checks that signature metadata exists in header
3. Reads the 64-byte signature from the file
4. Reads the Master Index (from header.index_offset to signature offset)
5. Computes SHA-256 digest of the index
6. Verifies the Ed25519 signature against the digest

Returns

Returns Ok(()) if signature is valid, or an error if:

• Archive is not signed (missing signature metadata)
• Public key file cannot be read
• Archive file is malformed
• Signature length is invalid (not 64 bytes)
• Signature verification fails (tampered index or wrong key)

Example

let key = PathBuf::from("~/.hexz/keys/public.key");
let archive = PathBuf::from("snapshot.hxz");

match verify::run(key, archive) {
    Ok(()) => println!("✓ Signature valid"),
    Err(e) => eprintln!("✗ Verification failed: {}", e),
}