The runtime-free half of a huddle identity: the Ed25519 signing key, its
derived 24-char fingerprint, and (on demand) the ML-KEM-768 keypair derived
from the same seed.
huddle 1.1.4: domain-separation prefix for the relay client-auth
challenge-response. The client signs RELAY_AUTH_DOMAIN || nonce with its
Ed25519 identity key; the relay verifies that signature against the
presented pubkey and checks the pubkey hashes to the claimed fingerprint.
The distinct domain tag keeps this signature from ever being mistaken for a
SignedRoomMessage envelope (which commits a different tag).
Derive the human-facing 24-char fingerprint from an Ed25519 public key.
Format: xxxx-xxxx-xxxx-xxxx-xxxx-xxxx (6 groups of 4 hex chars, 24 hex
chars total = 12 bytes = 96 bits of SHA-256 over the pubkey). Public so
crypto::verify_signed can re-derive it from a signed envelope’s pubkey
and check that it matches the asserted fingerprint.
Build the exact bytes a client signs to prove control of its identity key to
the relay: the domain tag followed by the server’s challenge nonce. The
relay (huddle-server) now calls this same function, so the two stay
byte-for-byte in sync by construction.
huddle 0.7.8: 12-hex Safety Code derived from the same SHA-256 of the
Ed25519 pubkey that backs compute_fingerprint. Format
SAFE-XXXX-XXXX-XXXX (uppercase, dash-separated). Display-only — a shorter,
less ambiguous handle to compare against a friend at the start of a session.