cmd/sunlight-keygen: support printing witness verifier key

Author: FiloSottile

cmd/sunlight-keygen/keygen.go

@@ -17,6 +17,7 @@ import (
 
 	"filippo.io/keygen"
 	"filippo.io/sunlight/internal/immutable"
+	"filippo.io/torchwood"
 	"golang.org/x/crypto/hkdf"
 	"golang.org/x/mod/sumdb/note"
 )
@@ -25,6 +26,7 @@ func main() {
 	fs := flag.NewFlagSet("keygen", flag.ExitOnError)
 	fileFlag := fs.String("f", "", "path to the seed file")
 	prefixFlag := fs.String("prefix", "", "submission prefix for the log, to output a witness verifier key")
+	witnessFlag := fs.String("witness", "", "witness name, for generating a witness secret instead")
 	fs.Parse(os.Args[1:])
 	if fs.NArg() != 0 || *fileFlag == "" {
 		fmt.Fprintln(os.Stderr, "usage: sunlight-keygen -f <seed file>")
@@ -57,6 +59,21 @@ func main() {
 		log.Fatal("seed file must be exactly 32 bytes")
 	}
 
+	if *witnessFlag != "" {
+		ed25519Secret := make([]byte, ed25519.SeedSize)
+		if _, err := io.ReadFull(hkdf.New(sha256.New, seed, []byte("sunlight Ed25519 witness key"),
+			[]byte(*witnessFlag)), ed25519Secret); err != nil {
+			log.Fatal("failed to derive Ed25519 key:", err)
+		}
+		wk := ed25519.NewKeyFromSeed(ed25519Secret)
+		s, err := torchwood.NewCosignatureSigner(*witnessFlag, wk)
+		if err != nil {
+			log.Fatal("failed to create witness signer:", err)
+		}
+		fmt.Printf("Witness vkey: %s\n", s.Verifier())
+		return
+	}
+
 	ecdsaSecret := make([]byte, 32)
 	if _, err := io.ReadFull(hkdf.New(sha256.New, seed, []byte("sunlight"), []byte("ECDSA P-256 log key")), ecdsaSecret); err != nil {
 		log.Fatal("failed to derive ECDSA secret:", err)

cmd/sunlight/sunlight.go

@@ -146,7 +146,7 @@ type Config struct {
 		//
 		// To generate a new seed, run:
 		//
-		//   $ sunlight-keygen -f seed.bin
+		//   $ sunlight-keygen -f seed.bin -witness <name>
 		//
 		Secret string