Redflag/cmd/tools/keygen/main.go

package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/hex"
	"flag"
	"fmt"
	"os"
)

func main() {
	publicB64 := flag.Bool("public-b64", false, "Extract and output public key in base64")
	publicHex := flag.Bool("public-hex", false, "Extract and output public key in hex")
	help := flag.Bool("help", false, "Show help message")

	flag.Parse()

	if *help {
		fmt.Println("RedFlag Ed25519 Key Tool")
		fmt.Println("Usage:")
		fmt.Println("  go run ./cmd/tools/keygen -public-b64    Extract public key in base64")
		fmt.Println("  go run ./cmd/tools/keygen -public-hex    Extract public key in hex")
		fmt.Println("")
		fmt.Println("Requires REDFLAG_SIGNING_PRIVATE_KEY environment variable (64-byte hex)")
		os.Exit(0)
	}

	// Read private key from environment
	privateKeyHex := os.Getenv("REDFLAG_SIGNING_PRIVATE_KEY")
	if privateKeyHex == "" {
		fmt.Fprintln(os.Stderr, "Error: REDFLAG_SIGNING_PRIVATE_KEY environment variable not set")
		os.Exit(1)
	}

	// Decode hex private key
	privateKeyBytes, err := hex.DecodeString(privateKeyHex)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error: Invalid private key hex format: %v\n", err)
		os.Exit(1)
	}

	if len(privateKeyBytes) != ed25519.PrivateKeySize {
		fmt.Fprintf(os.Stderr, "Error: Invalid private key size: expected %d bytes, got %d\n",
			ed25519.PrivateKeySize, len(privateKeyBytes))
		os.Exit(1)
	}

	// Extract public key from private key
	privateKey := ed25519.PrivateKey(privateKeyBytes)
	publicKey := privateKey.Public().(ed25519.PublicKey)

	// Output in requested format
	if *publicB64 {
		fmt.Println(base64.StdEncoding.EncodeToString(publicKey))
	} else if *publicHex {
		fmt.Println(hex.EncodeToString(publicKey))
	} else {
		// Default: show both formats
		fmt.Println("Public Key (hex):")
		fmt.Println(hex.EncodeToString(publicKey))
		fmt.Println("")
		fmt.Println("Public Key (base64):")
		fmt.Println(base64.StdEncoding.EncodeToString(publicKey))
		fmt.Println("")
		fmt.Println("For embedding in agent binary, use:")
		fmt.Printf("go build -ldflags \"-X main.ServerPublicKeyHex=%s\" -o redflag-agent cmd/agent/main.go\n",
			hex.EncodeToString(publicKey))
	}
}