macula_registry_verify (macula v0.20.5)

View Source

Macula Registry Signature Verification

Provides Ed25519 digital signature operations for package verification: - Keypair generation - Package signing - Signature verification - Public key validation

All functions are stateless and can be called directly.

Summary

Functions

compute_checksum(Data)

Compute SHA-256 checksum of data

decode_public_key(HexKey)

Decode hex-encoded public key back to binary

encode_public_key(PublicKey)

Encode public key as hex string for display/storage

generate_keypair()

Generate a new Ed25519 keypair Returns {PublicKey, PrivateKey} as raw binaries

sign_data(Data, PrivateKey)

Sign arbitrary data with Ed25519 private key

sign_package(ManifestBin, BeamArchive, PrivateKey)

Sign package data (manifest + archive) The signature covers the SHA-256 hash of (manifest_binary ++ beam_archive)

validate_private_key(PrivateKey)

Validate that a binary is a valid Ed25519 private key

validate_public_key(PublicKey)

Validate that a binary is a valid Ed25519 public key

verify_package(ManifestBin, BeamArchive, Signature, PublicKey)

Verify package signature Reconstructs the signed data from manifest and archive, then verifies

verify_signature(Data, Signature, PublicKey)

Verify a signature against data and public key

Functions

compute_checksum(Data)

-spec compute_checksum(Data :: binary()) -> binary().

Compute SHA-256 checksum of data

decode_public_key(HexKey)

-spec decode_public_key(HexKey :: binary()) -> {ok, binary()} | {error, invalid_format}.

Decode hex-encoded public key back to binary

encode_public_key(PublicKey)

-spec encode_public_key(PublicKey :: binary()) -> binary().

Encode public key as hex string for display/storage

generate_keypair()

-spec generate_keypair() -> {PublicKey :: binary(), PrivateKey :: binary()}.

Generate a new Ed25519 keypair Returns {PublicKey, PrivateKey} as raw binaries

sign_data(Data, PrivateKey)

-spec sign_data(Data :: binary(), PrivateKey :: binary()) -> Signature :: binary().

Sign arbitrary data with Ed25519 private key

sign_package(ManifestBin, BeamArchive, PrivateKey)

-spec sign_package(ManifestBin :: binary(), BeamArchive :: binary(), PrivateKey :: binary()) ->
                      {ok, Signature :: binary()} | {error, term()}.

Sign package data (manifest + archive) The signature covers the SHA-256 hash of (manifest_binary ++ beam_archive)

validate_private_key(PrivateKey)

-spec validate_private_key(PrivateKey :: binary()) -> ok | {error, invalid_key}.

Validate that a binary is a valid Ed25519 private key

validate_public_key(PublicKey)

-spec validate_public_key(PublicKey :: binary()) -> ok | {error, invalid_key}.

Validate that a binary is a valid Ed25519 public key

verify_package(ManifestBin, BeamArchive, Signature, PublicKey)

-spec verify_package(ManifestBin :: binary(),
                     BeamArchive :: binary(),
                     Signature :: binary(),
                     PublicKey :: binary()) ->
                        ok | {error, term()}.

Verify package signature Reconstructs the signed data from manifest and archive, then verifies

verify_signature(Data, Signature, PublicKey)

-spec verify_signature(Data :: binary(), Signature :: binary(), PublicKey :: binary()) ->
                          ok | {error, invalid_signature}.

Verify a signature against data and public key