From f33d9227f7e49e7818b4d3771b6d1126a71bdce5 Mon Sep 17 00:00:00 2001
From: Sam Anthony
Date: Thu, 17 Apr 2025 20:26:55 -0400
Subject: load private signing key

---
 key/box.go | 18 +-----------------
 key/load.go | 24 ++++++++++++++++++++++++
 key/sig.go | 36 +++++++++++++++++++++---------------
 3 files changed, 46 insertions(+), 32 deletions(-)
 create mode 100644 key/load.go

diff --git a/key/box.go b/key/box.go
index 984447f..51bc3ff 100644
--- a/key/box.go
+++ b/key/box.go
@@ -4,8 +4,6 @@ import (
 "bytes"
 "encoding/hex"
 "fmt"
- "io"
- "os"
 )
 
 // BoxPublicKey is a public NaCl box key.
@@ -46,21 +44,7 @@ func LoadBoxPublicKey() (BoxPublicKey, error) {
 
 // loadBoxKey reads a NaCl box key (public or private) from the specified file.
 func loadBoxKey(filename string) ([32]byte, error) {
- // Open file.
- f, err := os.Open(filename)
- if err != nil {
- return [32]byte{}, err
- }
- defer f.Close()
-
- // Read key from file.
- buf, err := io.ReadAll(f)
- if err != nil {
- return [32]byte{}, err
- }
-
- // Decode key.
- return decodeBoxKey(buf)
+ return loadKey(filename, decodeBoxKey)
 }
 
 func (bpk1 BoxPublicKey) Compare(bpk2 BoxPublicKey) int {
diff --git a/key/load.go b/key/load.go
new file mode 100644
index 0000000..e4ff3cf
--- /dev/null
+++ b/key/load.go
@@ -0,0 +1,24 @@
+package key
+
+import (
+ "io"
+ "os"
+)
+
+// loadKey reads and decodes a key from a file.
+func loadKey[K any](filename string, decode func([]byte) (K, error)) (K, error) {
+ var key K
+
+ f, err := os.Open(filename)
+ if err != nil {
+ return key, err
+ }
+ defer f.Close()
+
+ buf, err := io.ReadAll(f)
+ if err != nil {
+ return key, err
+ }
+
+ return decode(buf)
+}
diff --git a/key/sig.go b/key/sig.go
index 1a33468..bf3405d 100644
--- a/key/sig.go
+++ b/key/sig.go
@@ -4,8 +4,6 @@ import (
 "bytes"
 "encoding/hex"
 "fmt"
- "io"
- "os"
 )
 
 // SigPublicKey is a public NaCl signature verification key.
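Review bot: `io.ReadAll(f)` in key/load.go's loadKey reads the file with no size cap, and after this commit the same helper carries the hex-encoded private signing key (and, per the loadBoxKey comment, box private keys). A key file is a few hundred bytes at most, so a bounded read such as `buf, err := io.ReadAll(io.LimitReader(f, maxKeyFileLen))` (constant name is a suggestion) keeps a wrong or oversized path from being pulled into memory. Because `buf` holds secret material on the private-key paths, consider `defer clear(buf)` right after the read (best effort only, and it needs Go 1.21 or later). Both error returns would also be easier to triage if wrapped with the file name, e.g. `fmt.Errorf("loading key %q: %w", filename, err)`.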
@@ -22,22 +20,18 @@ func LoadSigPublicKey() (SigPublicKey, error) {
 if err != nil {
 return SigPublicKey{}, err
 }
+ return loadKey(sigPubKeyFile, DecodeSigPublicKey)
+}
 
- // Open public key file.
- f, err := os.Open(sigPubKeyFile)
- if err != nil {
- return SigPublicKey{}, err
- }
- defer f.Close()
-
- // Read key from file.
- buf, err := io.ReadAll(f)
+// LoadSigPrivateKey reads the private signing key from disc,
+// or generates a new keypair if it does not already exist.
+func LoadSigPrivateKey() (SigPrivateKey, error) {
+ // Generate keypair if it doesn't already exist.
+ err := generateSigKeypairIfNotExist()
 if err != nil {
- return SigPublicKey{}, err
+ return SigPrivateKey{}, err
 }
-
- // Decode key.
- return DecodeSigPublicKey(buf)
+ return loadKey(sigPrivKeyFile, DecodeSigPrivateKey)
 }
 
 func (spk1 SigPublicKey) Compare(spk2 SigPublicKey) int {
@@ -55,3 +49,15 @@ func DecodeSigPublicKey(buf []byte) (SigPublicKey, error) {
 }
 return key, nil
 }
+
+func DecodeSigPrivateKey(buf []byte) (SigPrivateKey, error) {
+ var key SigPrivateKey
+ if hex.DecodedLen(len(buf)) != len(key) {
+ return SigPrivateKey{}, fmt.Errorf("malformed signing key: expected %d bytes; got %d",
+ len(key), hex.DecodedLen(len(buf)))
+ }
+ if _, err := hex.Decode(key[:], buf); err != nil {
+ return SigPrivateKey{}, err
+ }
+ return key, nil
+}
-- 
cgit v1.2.3
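Review bot: LoadSigPrivateKey hands `sigPrivKeyFile` to the same generic loadKey used for public keys, so nothing on this path checks that the private key file is a regular file readable only by its owner. generateSigKeypairIfNotExist is outside this hunk, so the mode the file is created with cannot be seen here; if it is not enforced there, the private-key path should stat the opened handle and refuse a group- or world-accessible file, e.g. `if fi.Mode().Perm()&0o077 != 0 { return SigPrivateKey{}, fmt.Errorf("%s: permissions too open", sigPrivKeyFile) }`. The load also does not confirm that the private key matches the public key on disk, which matters if only one of the two files was replaced; the doc comment should say whether callers may rely on that.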
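Review bot: The length check in DecodeSigPrivateKey uses `hex.DecodedLen(len(buf))`, which rounds down, so an input one byte too long (for example a key file with a trailing newline) passes the check and is only rejected later by `hex.Decode` with a less specific error. Comparing the encoded length directly, `if len(buf) != hex.EncodedLen(len(key))`, rejects it at the intended place. If key files may legitimately end in a newline, `buf = bytes.TrimSpace(buf)` first would accept them, as `bytes` is already imported. The exported function also has no doc comment; something like `// DecodeSigPrivateKey decodes a hex-encoded private signing key.` would match the rest of the package. DecodeSigPublicKey's body is outside this hunk, so whether it shares the same length check cannot be seen here.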