fetch_ml/cmd/gen-keys/main.go

// Package main implements a tool for generating Ed25519 signing keys
package main

import (
	"flag"
	"fmt"
	"log"
	"os"

	"github.com/jfraeys/fetch_ml/internal/crypto"
)

func main() {
	var (
		outDir = flag.String("out", "./keys", "Output directory for keys")
		keyID  = flag.String("key-id", "manifest-signer-1", "Key identifier")
	)
	flag.Parse()

	// Create output directory
	if err := os.MkdirAll(*outDir, 0700); err != nil {
		log.Fatalf("Failed to create output directory: %v", err)
	}

	// Generate keypair
	publicKey, privateKey, err := crypto.GenerateSigningKeys()
	if err != nil {
		log.Fatalf("Failed to generate signing keys: %v", err)
	}

	// Define paths
	privKeyPath := fmt.Sprintf("%s/%s_private.key", *outDir, *keyID)
	pubKeyPath := fmt.Sprintf("%s/%s_public.key", *outDir, *keyID)

	// Save private key (restricted permissions)
	if err := crypto.SavePrivateKeyToFile(privateKey, privKeyPath); err != nil {
		log.Fatalf("Failed to save private key: %v", err)
	}

	// Save public key
	if err := crypto.SavePublicKeyToFile(publicKey, pubKeyPath); err != nil {
		log.Fatalf("Failed to save public key: %v", err)
	}

	// Print summary
	fmt.Printf("Generated Ed25519 signing keys\n")
	fmt.Printf("  Key ID: %s\n", *keyID)
	fmt.Printf("  Private key: %s (permissions: 0600)\n", privKeyPath)
	fmt.Printf("  Public key: %s\n", pubKeyPath)
	fmt.Printf("\nImportant:\n")
	fmt.Printf("  - Store the private key securely (it can sign manifests)\n")
	fmt.Printf("  - Distribute the public key to verification systems\n")
	fmt.Printf("  - Set environment variable: FETCHML_SIGNING_KEY_PATH=%s\n", privKeyPath)
}