feat(identityproof): Ed25519 app keys

Add Manager::generateEd25519AppKey: persist a sodium-generated
Ed25519 keypair (raw 32-byte public, 64-byte secret) under the same
appdata layout the existing RSA path uses. Used by OCMSignatoryManager
for the slotted RFC 9421 signing keys.

Signed-off-by: Micke Nordin <kano@sunet.se>
This commit is contained in:
Micke Nordin 2026-05-05 16:29:32 +02:00 committed by Micke Nordin
parent 0eb927e617
commit 3a99cf9a67


@ -178,6 +178,30 @@ class Manager {
return $this->generateKey($this->generateAppKeyId($app, $name), $options);
}
/**
* Generate an Ed25519 keypair via libsodium. Returns raw 32-byte public
* + 64-byte secret (sodium seed||publickey), no PEM. Overwrites if
* already present.
*/
public function generateEd25519AppKey(string $app, string $name): Key {
$keyPair = sodium_crypto_sign_keypair();
$publicKey = sodium_crypto_sign_publickey($keyPair);
$privateKey = sodium_crypto_sign_secretkey($keyPair);
$id = $this->generateAppKeyId($app, $name);
try {
$this->appData->newFolder($id);
} catch (\Exception) {
}
$folder = $this->appData->getFolder($id);
$folder->newFile('private')
->putContent($this->crypto->encrypt($privateKey));
$folder->newFile('public')
->putContent($publicKey);
return new Key($publicKey, $privateKey);
}
public function deleteAppKey(string $app, string $name): bool {
try {
$folder = $this->appData->getFolder($this->generateAppKeyId($app, $name));
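Review bot: generateEd25519AppKey writes its raw 32/64-byte material under the same `generateAppKeyId($app, $name)` folder and the same `private`/`public` file names the RSA path uses, but nothing in the folder records which algorithm the bytes belong to, and the two `newFile(...)->putContent(...)` calls will replace an existing RSA key for that app/name without any check — so a reader of the shared layout cannot tell raw Ed25519 from PEM. Consider writing a type marker beside the key files, e.g. `$folder->newFile('type')->putContent('ed25519');`, and having the loader dispatch or refuse on it, or at least stating in the docblock that the id space is shared with the RSA keys. The secret also stays in `$keyPair` after the two extractions; a `sodium_memzero($keyPair);` right after the `sodium_crypto_sign_secretkey` call clears that copy (the returned `$privateKey` is then the caller's to wipe). The empty `catch (\Exception) {}` around `newFolder` is presumably the existing "folder already exists" idiom; a one-line comment saying so would save the next reader a guess. Whether `newFile` on an existing name overwrites or throws depends on the appData implementation, which is not visible here, so the "Overwrites if already present" claim in the docblock is worth confirming.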