Expand description
Ed25519 key pair generation for archive signing.
This command generates cryptographic signing keys used to sign and verify Hexz archives, ensuring authenticity and integrity.
§Key Generation
The keygen command creates an Ed25519 key pair:
- Private key (
private.key): Used to sign archives - Public key (
public.key): Used to verify signatures
§Security Considerations
- Private Key Protection: Store private keys securely with restricted permissions (chmod 600)
- Key Distribution: Share public keys safely; they can be freely distributed
- Backup: Maintain secure backups of private keys to prevent loss
§Usage
# Generate keys in current directory
hexz sys keygen
# Generate keys in specific directory
hexz sys keygen --output-dir ~/.hexz/keys
# Secure the private key
chmod 600 ~/.hexz/keys/private.key§Integration with Archive Signing
After generating keys, use them to sign archives:
# Sign an archive
hexz sys sign --key private.key snapshot.st
# Verify the signature
hexz sys verify --key public.key snapshot.st§Implementation
Uses Ed25519 signatures via the ed25519-dalek crate for:
- Fast signature generation and verification
- 64-byte signatures
- Strong cryptographic security (128-bit security level)
Functions§
- run
- Generate an Ed25519 signing key pair.