(** [get_rng ~random_seed ()] selects the random number generator used by the
    caller.

    - [random_seed = None]: installs the default generator through
      [Mirage_crypto_rng_unix.use_default] and returns
      [Mirage_crypto_rng.default_generator ()].
    - [random_seed = Some seed]: prints a [security] warning on stderr and
      returns a Fortuna generator created from [seed] with a clock that
      always reports [0L].

    Security: in the seeded branch the only inputs are the caller-supplied
    seed and a constant time source, so the output is meant to be
    reproducible. Anything derived from it (keys included) should be treated
    as known to whoever knows the seed; the warning text restricts this mode
    to integration tests. *)
let get_rng ~random_seed () =
  (* Reproducible generator for tests only; see the warning it prints. *)
  let seeded_generator seed =
    Printf.eprintf
      "[security] Insecure use of random seed. Do not use `--random-seed \
       SEED` except for integration tests.\n\
       %!";
    (* The time source is pinned to zero so that it contributes nothing that
       varies between runs. *)
    let frozen_clock () = 0L in
    Mirage_crypto_rng.create ~seed ~strict:true ~time:frozen_clock
      (module Mirage_crypto_rng.Fortuna)
  in
  match random_seed with
  | Some seed -> seeded_generator seed
  | None ->
      Mirage_crypto_rng_unix.use_default ();
      Mirage_crypto_rng.default_generator ()
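(** [generate_build_keypair ?comment ~rng ()] generates a Signify key pair.

    @param comment optional value forwarded unchanged to
      [MlFront_Signify.Signify.generate_key_pair_exn].
    @param rng generator that supplies every random byte handed to the key
      generation routine. The key pair is only as unpredictable as [rng]: a
      generator built from a fixed seed yields keys that can be regenerated
      by anyone who has that seed.
    @return whatever [generate_key_pair_exn] returns.
      NOTE(review): the [_exn] suffix suggests failures are raised as
      exceptions; confirm against MlFront_Signify. *)
let generate_build_keypair ?comment ~rng () =
  (* Bind the generator once so the key routine receives a plain
     byte-producing function. *)
  let gen = Mirage_crypto_rng.generate ~g:rng in
  MlFront_Signify.Signify.generate_key_pair_exn ?comment gen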
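(** [save_build_keypair ~build_public_keyfile ~build_secret_keyfile
    ~fatal_return (`PublicKey pubkey, `SecretKey seckey)] writes the two
    halves of a build key pair to disk.

    The parent directory of each key file is created first; directory
    creation is given [fatal_return ~error_code:...] as its [~return]
    argument, with a distinct error code per directory. The public key is
    written before the secret key, and both files are truncated if they
    already exist.

    Security: the secret key file is created with mode [0o600] so that a
    permissive umask cannot leave it readable by other accounts. The mode is
    only applied when the file is created: a file that already exists keeps
    its current permissions, and platforms without POSIX permission bits may
    largely ignore it.

    NOTE(review): the permissions of directories created by
    [make_directory_recursively] are not visible here; confirm that the
    directory holding the secret key is not writable by other users.

    @raise Sys_error if either file cannot be opened or written. *)
let save_build_keypair ~build_public_keyfile ~build_secret_keyfile ~fatal_return
    (`PublicKey pubkey, `SecretKey seckey) =
  MlFront_Thunk_IoDisk.ThunkIoDisk.make_directory_recursively
    ~return:(fatal_return ~error_code:"5696c586")
    (MlFront_Core.FilePath.parent build_public_keyfile);
  MlFront_Thunk_IoDisk.ThunkIoDisk.make_directory_recursively
    ~return:(fatal_return ~error_code:"b1f3c9e2")
    (MlFront_Core.FilePath.parent build_secret_keyfile);
  (* The public key is not sensitive, so the default creation mode is kept. *)
  Out_channel.with_open_bin
    (MlFront_Core.FilePath.show build_public_keyfile)
    (fun oc -> Out_channel.output_string oc pubkey);
  (* Same open flags as [with_open_bin], but owner-only permissions instead
     of the default 0o666-minus-umask. *)
  Out_channel.with_open_gen
    [ Open_wronly; Open_creat; Open_trunc; Open_binary ]
    0o600
    (MlFront_Core.FilePath.show build_secret_keyfile)
    (fun oc -> Out_channel.output_string oc seckey)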