type Verifier … type Signer … // keyHash computes the key hash for the given server name and encoded public key. func keyHash(name string, key []byte) uint32 { … } var errVerifierID … var errVerifierAlg … var errVerifierHash … const algEd25519 … // isValidName reports whether name is valid. // It must be non-empty and not have any Unicode spaces or pluses. func isValidName(name string) bool { … } // NewVerifier construct a new [Verifier] from an encoded verifier key. func NewVerifier(vkey string) (Verifier, error) { … } // chop chops s at the first instance of sep, if any, // and returns the text before and after sep. // If sep is not present, chop returns before is s and after is empty. func chop(s, sep string) (before, after string) { … } type verifier … func (v *verifier) Name() string { … } func (v *verifier) KeyHash() uint32 { … } func (v *verifier) Verify(msg, sig []byte) bool { … } // NewSigner constructs a new [Signer] from an encoded signer key. func NewSigner(skey string) (Signer, error) { … } var errSignerID … var errSignerAlg … var errSignerHash … type signer … func (s *signer) Name() string { … } func (s *signer) KeyHash() uint32 { … } func (s *signer) Sign(msg []byte) ([]byte, error) { … } // GenerateKey generates a signer and verifier key pair for a named server. // The signer key skey is private and must be kept secret. func GenerateKey(rand io.Reader, name string) (skey, vkey string, err error) { … } // NewEd25519VerifierKey returns an encoded verifier key using the given name // and Ed25519 public key. func NewEd25519VerifierKey(name string, key ed25519.PublicKey) (string, error) { … } type Verifiers … type UnknownVerifierError … func (e *UnknownVerifierError) Error() string { … } type ambiguousVerifierError … func (e *ambiguousVerifierError) Error() string { … } // VerifierList returns a [Verifiers] implementation that uses the given list of verifiers. func VerifierList(list ...Verifier) Verifiers { … } type nameHash … type verifierMap … func (m verifierMap) Verifier(name string, hash uint32) (Verifier, error) { … } type Note … type Signature … type UnverifiedNoteError … func (e *UnverifiedNoteError) Error() string { … } type InvalidSignatureError … func (e *InvalidSignatureError) Error() string { … } var errMalformedNote … var errInvalidSigner … var errMismatchedVerifier … var sigSplit … var sigPrefix … // Open opens and parses the message msg, checking signatures from the known verifiers. // // For each signature in the message, Open calls known.Verifier to find a verifier. // If known.Verifier returns a verifier and the verifier accepts the signature, // Open records the signature in the returned note's Sigs field. // If known.Verifier returns a verifier but the verifier rejects the signature, // Open returns an InvalidSignatureError. // If known.Verifier returns an UnknownVerifierError, // Open records the signature in the returned note's UnverifiedSigs field. // If known.Verifier returns any other error, Open returns that error. // // If no known verifier has signed an otherwise valid note, // Open returns an [UnverifiedNoteError]. // In this case, the unverified note can be fetched from inside the error. func Open(msg []byte, known Verifiers) (*Note, error) { … } // Sign signs the note with the given signers and returns the encoded message. // The new signatures from signers are listed in the encoded message after // the existing signatures already present in n.Sigs. // If any signer uses the same key as an existing signature, // the existing signature is elided from the output. func Sign(n *Note, signers ...Signer) ([]byte, error) { … }