2 files changed, 42 insertions, 0 deletions

diff --git a/key/sig.go b/key/sig.go
index e7a2b1e..908f17e 100644
--- a/key/sig.go
+++ b/key/sig.go
@@ -102,3 +102,12 @@ func (pair SigKeypair) GetPublicKey() saltpack.SigningPublicKey {
 	public := [ed25519.PublicKeySize]byte(pair.public)
 	return basic.NewSigningPublicKey(&public)
 }
+
+func (key SigPublicKey) ToKID() []byte {
+	return key[:]
+}
+
+func (key SigPublicKey) Verify(message []byte, signature []byte) error {
+	raw := [ed25519.PublicKeySize]byte(key)
+	return basic.NewSigningPublicKey(&raw).Verify(message, signature)
+}
diff --git a/key/sig_keyring.go b/key/sig_keyring.go
new file mode 100644
index 0000000..aeb6180
--- /dev/null
+++ b/key/sig_keyring.go
@@ -0,0 +1,33 @@
+package key
+
+import (
+	"bytes"
+	"github.com/keybase/saltpack"
+	"slices"
+)
+
+type SigKeyring []SigPublicKey
+
+func (ring *SigKeyring) Import(key SigPublicKey) {
+	i, ok := slices.BinarySearchFunc(*ring, key, cmpSigPublicKey)
+	if ok {
+		return // key already in keyring.
+	}
+	*ring = slices.Insert(*ring, i, key)
+}
+
+func (ring SigKeyring) LookupSigningPublicKey(kid []byte) saltpack.SigningPublicKey {
+	if len(kid) != len(SigPublicKey{}) {
+		return nil
+	}
+	key := SigPublicKey(kid)
+	i, ok := slices.BinarySearchFunc(ring, key, cmpSigPublicKey)
+	if !ok {
+		return nil // key not in keyring.
+	}
+	return ring[i]
+}
+
+func cmpSigPublicKey(a, b SigPublicKey) int {
+	return bytes.Compare(a[:], b[:])
+}