7 "github.com/docker/notary/trustmanager"
8 "github.com/docker/notary/tuf/data"
9 "github.com/docker/notary/tuf/utils"
12 type edCryptoKey struct {
14 privKey data.PrivateKey
17 // Ed25519 implements a simple in memory cryptosystem for ED25519 keys
19 keys map[string]edCryptoKey
22 // NewEd25519 initializes a new empty Ed25519 CryptoService that operates
24 func NewEd25519() *Ed25519 {
26 make(map[string]edCryptoKey),
30 // AddKey allows you to add a private key
31 func (e *Ed25519) AddKey(role, gun string, k data.PrivateKey) error {
36 // addKey allows you to add a private key
37 func (e *Ed25519) addKey(role string, k data.PrivateKey) {
38 e.keys[k.ID()] = edCryptoKey{
44 // RemoveKey deletes a key from the signer
45 func (e *Ed25519) RemoveKey(keyID string) error {
50 // ListKeys returns the list of keys IDs for the role
51 func (e *Ed25519) ListKeys(role string) []string {
52 keyIDs := make([]string, 0, len(e.keys))
53 for id, edCryptoKey := range e.keys {
54 if edCryptoKey.role == role {
55 keyIDs = append(keyIDs, id)
61 // ListAllKeys returns the map of keys IDs to role
62 func (e *Ed25519) ListAllKeys() map[string]string {
63 keys := make(map[string]string)
64 for id, edKey := range e.keys {
70 // Create generates a new key and returns the public part
71 func (e *Ed25519) Create(role, gun, algorithm string) (data.PublicKey, error) {
72 if algorithm != data.ED25519Key {
73 return nil, errors.New("only ED25519 supported by this cryptoservice")
76 private, err := utils.GenerateED25519Key(rand.Reader)
81 e.addKey(role, private)
82 return data.PublicKeyFromPrivate(private), nil
85 // PublicKeys returns a map of public keys for the ids provided, when those IDs are found
87 func (e *Ed25519) PublicKeys(keyIDs ...string) (map[string]data.PublicKey, error) {
88 k := make(map[string]data.PublicKey)
89 for _, keyID := range keyIDs {
90 if edKey, ok := e.keys[keyID]; ok {
91 k[keyID] = data.PublicKeyFromPrivate(edKey.privKey)
97 // GetKey returns a single public key based on the ID
98 func (e *Ed25519) GetKey(keyID string) data.PublicKey {
99 if privKey, _, err := e.GetPrivateKey(keyID); err == nil {
100 return data.PublicKeyFromPrivate(privKey)
105 // GetPrivateKey returns a single private key and role if present, based on the ID
106 func (e *Ed25519) GetPrivateKey(keyID string) (data.PrivateKey, string, error) {
107 if k, ok := e.keys[keyID]; ok {
108 return k.privKey, k.role, nil
110 return nil, "", trustmanager.ErrKeyNotFound{KeyID: keyID}