feature: download set

cmd/dkl-local-server/secrets.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/ed25519"
 	"encoding/json"
 	"errors"
 	"os"
@@ -9,6 +10,7 @@ import (
 
 	"github.com/cloudflare/cfssl/certinfo"
 	"github.com/cloudflare/cfssl/config"
+	"github.com/cloudflare/cfssl/helpers/derhelpers"
 	"github.com/cloudflare/cfssl/log"
 )
 
@@ -73,3 +75,33 @@ func checkCertUsable(certPEM []byte) error {
 
 	return nil
 }
+
+func dlsSigningKeys() (ed25519.PrivateKey, ed25519.PublicKey) {
+	var signerDER []byte
+
+	if err := readSecret("signer", &signerDER); os.IsNotExist(err) {
+		_, key, err := ed25519.GenerateKey(nil)
+		if err != nil {
+			panic(err)
+		}
+
+		signerDER, err = derhelpers.MarshalEd25519PrivateKey(key)
+		if err != nil {
+			panic(err)
+		}
+
+		writeSecret("signer", signerDER)
+	} else if err != nil {
+		panic(err)
+	}
+
+	pkeyGeneric, err := derhelpers.ParseEd25519PrivateKey(signerDER)
+	if err != nil {
+		panic(err)
+	}
+
+	pkey := pkeyGeneric.(ed25519.PrivateKey)
+	pubkey := pkey.Public().(ed25519.PublicKey)
+
+	return pkey, pubkey
+}