more sensible naming.

Calling something a key-pair usually implies public/private. It's awkward
to use it to refer to encryption/decryption. Instead, encryption and
decription keys together are now called Keys. Apart, they're called
subKeys. And a full set (encryption, decryption, public, and private) is
now called a KeyPair.

I also added some convenience functions.

Author: sean9999

cipherer.go

@@ -8,7 +8,7 @@ import (
 type EncrypterOpts = any
 
 type Encrypter interface {
-	Encrypt(io.Reader, *Message, KeyPair, EncrypterOpts) error
+	Encrypt(io.Reader, *Message, Key, EncrypterOpts) error
 }
 
 type Decrypter interface {

cmd/delphi/encrypt.go

@@ -9,7 +9,7 @@ import (
 )
 
 // PluckPeer plucks out a public key from the [pemBag].
-func (app *DelphiApp) PluckPeer() (pubkey delphi.KeyPair) {
+func (app *DelphiApp) PluckPeer() (pubkey delphi.Key) {
 	peer := app.pems.Pluck(delphi.Pubkey)
 	if peer != nil {
 		//pubkey = delphi.KeyFromHex(string(peer.Bytes))

cmd/delphi/encrypt_test.go

@@ -48,7 +48,7 @@ func TestEncrypt(t *testing.T) {
 
 	assert.False(t, delphi.Nonce.IsZero(msg.Nonce))
 
-	assert.Len(t, msg.Eph, delphi.KeySize)
+	assert.Len(t, msg.Eph, delphi.SubKeySize)
 
 	assert.Equal(t, "falling-grass", msg.RecipientKey.Nickname())
 	assert.Equal(t, "bitter-frost", msg.SenderKey.Nickname())

go.mod

@@ -10,15 +10,13 @@ require (
 	github.com/sean9999/pear v0.0.5
 	github.com/spf13/afero v1.12.0
 	github.com/stretchr/testify v1.10.0
-	github.com/vmihailenco/msgpack/v5 v5.4.1
 	golang.org/x/crypto v0.36.0
 )
 
 require (
 	github.com/DataDog/gostackparse v0.7.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -7,8 +7,6 @@ github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e h1:XmA6L9IP
 github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e/go.mod h1:AFIo+02s+12CEg8Gzz9kzhCbmbq6JcKNrhHffCGA9z4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/sean9999/hermeti v0.5.0 h1:PXKBi0IIuhtSYydePgPmXHAqfo3ehrpNj2XNsLtF054=
-github.com/sean9999/hermeti v0.5.0/go.mod h1:TaERtyaqhd1DmzasV59XB3KAOPFVEm6yMtAG3lpC/ZY=
 github.com/sean9999/hermeti v0.5.2 h1:Tm2r9mvJDmr1enKd9F0k3JfrK3lZXdrCpJOXqnDLtgk=
 github.com/sean9999/hermeti v0.5.2/go.mod h1:XLlNI3TttQ8GbycFBvB9KJh5NYm2UulSpT7QVX6EQZ0=
 github.com/sean9999/pear v0.0.5 h1:IHOYxBo1KymPjyN00EIedY2Ifa5XAZNy4eWgcmI6ssc=
@@ -19,10 +17,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
-github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
-github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
-github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=

key.go

@@ -12,13 +12,13 @@ import (
 	"slices"
 )
 
-const KeySize = 32
+const SubKeySize = 32
 
-// a key is either: a public encryption, public signing, private encryption, or private signing key
-type key [KeySize]byte
+// a subKey is either: a public encryption, public signing, private encryption, or private signing subKey
+type subKey [SubKeySize]byte
 
 // a subKey is zero if all it's bytes are zero
-func (s key) IsZero() bool {
+func (s subKey) IsZero() bool {
 	for _, b := range s {
 		if b != 0 {
 			return false
@@ -27,74 +27,75 @@ func (s key) IsZero() bool {
 	return true
 }
 
-func (s key) Bytes() []byte {
+func (s subKey) Bytes() []byte {
 	return s[:]
 }
 
 func NewPeer() Peer {
-	return KeyPair{}
+	return Key{}
 }
 
-// a KeyPair is two (specifically one encryption and one signing) keys
-type KeyPair [2]key
+// a Key is two (specifically one encryption and one signing) keys
+type Key [2]subKey
 
-func (k KeyPair) MarshalJSON() ([]byte, error) {
+func (k Key) MarshalJSON() ([]byte, error) {
 	str := k.ToHex()
 	return json.Marshal(str)
 }
 
-func (k KeyPair) MarshalBinary() ([]byte, error) {
+func (k Key) MarshalBinary() ([]byte, error) {
 	return k.Bytes(), nil
 }
 
-func (k *KeyPair) UnmarshalBinary(b []byte) error {
-	copy(k[0][:], b[:KeySize])
-	copy(k[1][:], b[KeySize:])
+func (k *Key) UnmarshalBinary(b []byte) error {
+	copy(k[0][:], b[:SubKeySize])
+	copy(k[1][:], b[SubKeySize:])
 	return nil
 }
 
-func (k *KeyPair) UnmarshalJSON(b []byte) error {
+func (k *Key) UnmarshalJSON(b []byte) error {
 	j := KeyFromHex(string(b))
 	copy(k[:], j[:])
 	return nil
 }
 
-func (k KeyPair) MarshalText() ([]byte, error) {
+func (k Key) MarshalText() ([]byte, error) {
 	return []byte(k.ToHex()), nil
 }
 
 // a Key is zero if all it's subKeys are zero
-func (k KeyPair) IsZero() bool {
+func (k Key) IsZero() bool {
 	return k[0].IsZero() && k[1].IsZero()
 }
 
-func (k KeyPair) From(b []byte) KeyPair {
-	var enc key
-	var sig key
-	copy(enc[:], b[:KeySize])
-	copy(sig[:], b[KeySize:])
-	var j KeyPair
+func (k Key) From(b []byte) Key {
+	//	TODO: panic or error if the byte slice looks wrong
+	var enc subKey
+	var sig subKey
+	copy(enc[:], b[:SubKeySize])
+	copy(sig[:], b[SubKeySize:])
+	var j Key
 	j[0] = enc
 	j[1] = sig
 	return j
 }
 
-// a KeyChain is two [KeyPair]s. One public, one private
-type KeyChain [2]KeyPair
+// a KeyPair is two [Key]s. One public, one private
+type KeyPair [2]Key
 
 // a KeyPair is zero if all it's keys are zero
-func (kp KeyChain) IsZero() bool {
+func (kp KeyPair) IsZero() bool {
 	return kp[0].IsZero() && kp[1].IsZero()
 }
 
-func (k KeyPair) Bytes() []byte {
-	b := make([]byte, 2*KeySize)
-	copy(b[:KeySize], k[0][:])
-	copy(b[KeySize:], k[1][:])
+func (k Key) Bytes() []byte {
+	b := make([]byte, 2*SubKeySize)
+	copy(b[:SubKeySize], k[0][:])
+	copy(b[SubKeySize:], k[1][:])
 	return b
 }
 
-func (k KeyPair) ToInt64() int64 {
+func (k Key) ToInt64() int64 {
 	var num int64
 	buf := bytes.NewReader(k.Bytes())
 	err := binary.Read(buf, binary.BigEndian, &num)
@@ -104,7 +105,7 @@ func (k KeyPair) ToInt64() int64 {
 	return num
 }
 
-func (k KeyPair) Equal(j KeyPair) bool {
+func (k Key) Equal(j Key) bool {
 	for i := range 2 {
 
 		jslice := j[i][:]
@@ -122,62 +123,62 @@ func (k KeyPair) Equal(j KeyPair) bool {
 	return true
 }
 
-func (k KeyPair) Signing() key {
+func (k Key) Signing() subKey {
 	return k[1]
 }
 
-func (k KeyPair) Encryption() key {
+func (k Key) Encryption() subKey {
 	return k[0]
 }
 
-func (k KeyChain) Bytes() []byte {
-	b := make([]byte, 4*KeySize)
-	copy(b[:2*KeySize], k[0].Bytes()) // public
-	copy(b[2*KeySize:], k[1].Bytes()) // private
+func (k KeyPair) Bytes() []byte {
+	b := make([]byte, 4*SubKeySize)
+	copy(b[:2*SubKeySize], k[0].Bytes()) // public
+	copy(b[2*SubKeySize:], k[1].Bytes()) // private
 	return b
 }
 
-func (k KeyPair) ToHex() string {
+func (k Key) ToHex() string {
 	return hex.EncodeToString(k.Bytes())
 }
 
-func KeyFromHex(str string) KeyPair {
+func KeyFromHex(str string) Key {
 	bin, err := hex.DecodeString(str)
 	if err != nil {
-		return KeyPair{}
+		return Key{}
 	}
 	return KeyFromBytes(bin)
 }
 
-func KeyFromBytes(b []byte) KeyPair {
+func KeyFromBytes(b []byte) Key {
 
 	gotSize := len(b)
-	wantSize := KeySize * 2
+	wantSize := SubKeySize * 2
 
 	if gotSize != wantSize {
 		panic(fmt.Sprintf("wrong length for key. Wanted %d but got %d", wantSize, gotSize))
 	}
-	k := KeyPair{}
-	copy(k[0][:], b[:KeySize])
-	copy(k[1][:], b[KeySize:])
+	k := Key{}
+	copy(k[0][:], b[:SubKeySize])
+	copy(k[1][:], b[SubKeySize:])
 	return k
 }
 
-func NewSubKey(randy io.Reader) key {
-	sk := key{}
+func NewSubKey(randy io.Reader) subKey {
+	sk := subKey{}
 	randy.Read(sk[:])
 	return sk
 }
 
-func NewKey(randy io.Reader) KeyPair {
+func NewKey(randy io.Reader) Key {
 	if randy == nil {
-		return KeyPair{}
+		return Key{}
 	}
-	return KeyPair{NewSubKey(randy), NewSubKey(randy)}
+	return Key{NewSubKey(randy), NewSubKey(randy)}
 }
 
 // NewKeyPair generates valid ed25519 and X25519 keys
-func NewKeyPair(randy io.Reader) KeyChain {
+func NewKeyPair(randy io.Reader) KeyPair {
 
 	/**
 	 * Layout:
@@ -187,7 +188,7 @@ func NewKeyPair(randy io.Reader) KeyChain {
 	 *	4th 32 bytes:	private signing key
 	 **/
 
-	var kp KeyChain
+	var kp KeyPair
 
 	//	encryption keys
 	ed := ecdh.X25519()
@@ -197,17 +198,17 @@ func NewKeyPair(randy io.Reader) KeyChain {
 	}
 	encryptionPub := encryptionPriv.PublicKey()
 
-	kp[0][0] = key(encryptionPub.Bytes())
-	kp[1][0] = key(encryptionPriv.Bytes())
+	kp[0][0] = subKey(encryptionPub.Bytes())
+	kp[1][0] = subKey(encryptionPriv.Bytes())
 
 	//	signing keys
 	signPub, signPriv, err := ed25519.GenerateKey(randy)
 	if err != nil {
 		panic(err)
 	}
 
-	kp[0][1] = key(signPub)
-	kp[1][1] = key(signPriv[:KeySize])
+	kp[0][1] = subKey(signPub)
+	kp[1][1] = subKey(signPriv[:SubKeySize])
 
 	return kp
 }

key_test.go

@@ -8,23 +8,23 @@ import (
 )
 
 func TestSubKey_IsZero(t *testing.T) {
-	var zeroSubKey key
+	var zeroSubKey subKey
 	assert.True(t, zeroSubKey.IsZero())
 
 	nonZeroSubKey := NewSubKey(rand.Reader)
 	assert.False(t, nonZeroSubKey.IsZero())
 }
 
 func TestKey_IsZero(t *testing.T) {
-	var zeroKey KeyPair
+	var zeroKey Key
 	assert.True(t, zeroKey.IsZero())
 
 	nonZeroKey := NewKey(rand.Reader)
 	assert.False(t, nonZeroKey.IsZero())
 }
 
 func TestKeyPair_IsZero(t *testing.T) {
-	var zeroKeyPair KeyChain
+	var zeroKeyPair KeyPair
 	assert.True(t, zeroKeyPair.IsZero())
 
 	nonZeroKeyPair := NewKeyPair(rand.Reader)

message.go

@@ -25,8 +25,8 @@ var ErrNotImplemented = errors.New("not implemented")
 type Message struct {
 	readBuffer   []byte  `msgpack:"-"`
 	Subject      Subject `msgpack:"subj" json:"subj"`
-	RecipientKey KeyPair `msgpack:"to" json:"to"`
-	SenderKey    KeyPair `msgpack:"from" json:"from"`
+	RecipientKey Key     `msgpack:"to" json:"to"`
+	SenderKey    Key     `msgpack:"from" json:"from"`
 	Headers      KV      `msgpack:"hdrs" json:"hdrs"` // additional authenticated data (AAD)
 	Eph          []byte  `msgpack:"eph" json:"eph"`
 	Nonce        Nonce   `msgpack:"nonce" json:"nonce"`
@@ -194,13 +194,13 @@ func (msg *Message) FromPEM(p pem.Block) error {
 			if err != nil {
 				return err
 			}
-			msg.SenderKey = KeyPair{}.From(pubKeyBytes)
+			msg.SenderKey = Key{}.From(pubKeyBytes)
 		case "to":
 			pubKeyBytes, err := extractB64(p.Headers, "to")
 			if err != nil {
 				return err
 			}
-			msg.RecipientKey = KeyPair{}.From(pubKeyBytes)
+			msg.RecipientKey = Key{}.From(pubKeyBytes)
 		case "eph":
 			bin, err := extractB64(p.Headers, "eph")
 			if err != nil {
@@ -341,8 +341,8 @@ func (msg *Message) Sign(randy io.Reader, signer crypto.Signer) error {
 func (msg *Message) Verify() bool {
 	digest, err := msg.Digest()
 	if err != nil {
-		panic(err)
-	} // TODO: do we really want to panic here?
+		return false
+	}
 	pubKey := ed25519.PublicKey(msg.SenderKey.Signing().Bytes())
 	return ed25519.Verify(pubKey, digest, msg.Sig)
 }