package security
import (
"crypto/ed25519"
"errors"
"golang.org/x/crypto/ssh"
"os"
"sync"
)
// ed25519Priv is the process-wide Ed25519 signing key. It is nil until
// InitEd25519Keys has stored a key in it.
var ed25519Priv ed25519.PrivateKey

// once guards the single load attempt made by InitEd25519Keys.
var once sync.Once
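// InitEd25519Keys loads the passphrase-protected private key stored at
// keys/alaer_machines and keeps it as the process-wide Ed25519 signing key.
//
// The load is attempted only once per process. If that attempt failed, every
// later call also returns an error rather than nil, so a caller cannot
// mistake a second call for a successful initialization. The key file is not
// read again.
//
// The key path is relative, so it is resolved against the working directory
// of the process.
func InitEd25519Keys(passphrase string) error {
	var err error
	once.Do(func() {
		// Read the private key file.
		data, e := os.ReadFile("keys/alaer_machines")
		if e != nil {
			err = errors.New("failed to load ed25519 private key file: " + e.Error())
			return
		}

		// Parse and decrypt the key with the supplied passphrase.
		// NOTE(review): the WithPassphrase variant appears to reject keys that
		// are not encrypted at all; confirm that this is the intended policy.
		decryptedKey, e := ssh.ParseRawPrivateKeyWithPassphrase(data, []byte(passphrase))
		if e != nil {
			err = errors.New("failed to decrypt private key: " + e.Error())
			return
		}

		// Accept the key whether the parser hands it back by value or by pointer.
		var priv ed25519.PrivateKey
		switch key := decryptedKey.(type) {
		case ed25519.PrivateKey:
			priv = key
		case *ed25519.PrivateKey:
			if key != nil {
				priv = *key
			}
		default:
			err = errors.New("parsed key is not an ed25519 private key, check your key format")
			return
		}

		// ed25519.Sign panics on a key of the wrong length, so refuse to
		// install one instead of failing later at signing time.
		if len(priv) != ed25519.PrivateKeySize {
			err = errors.New("parsed ed25519 private key has an invalid length")
			return
		}
		ed25519Priv = priv
	})

	// once.Do runs the loader a single time, so on a repeated call err is
	// still nil even when the first attempt failed. Report that state
	// explicitly instead of returning success without a key.
	if err == nil && ed25519Priv == nil {
		return errors.New("ed25519 private key not initialized: the earlier load attempt failed")
	}
	return err
}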
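// Ed25519Sign signs message with the key stored by InitEd25519Keys and
// returns the signature.
//
// It returns an error while no usable key is loaded. The length check covers
// both a nil key and a key of the wrong size, which would otherwise make
// ed25519.Sign panic. The key is read without synchronization, so
// InitEd25519Keys must have returned before this function is called.
func Ed25519Sign(message []byte) ([]byte, error) {
	if len(ed25519Priv) != ed25519.PrivateKeySize {
		return nil, errors.New("private key not initialized")
	}
	return ed25519.Sign(ed25519Priv, message), nil
}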