I. SXT key container description
-----------------------------

1. Private keys store description

The following format is used to store a private key:

( "")

Where:
 - key-type is the type of the key:
   * ppkp-ed25519
 - base64 is the encoded private key itself, which consists of:

<8bit flags>

NOTE: Each key may contain a special 64bit hash, but this is optional.
The key may also be encrypted with a password key (i.e. a password), so
private-key-data may or may not be encrypted.

 * MAGIC VERSION SIGN is just data that identifies the container version
   used; for the first version this is: 0xbeef0101
 * 8bit flags contains the following flags:
   - (1 << 1) - if set, there is a hash within the key
   - (1 << 2) - if set, the key is encrypted and requires a password key
     to decrypt
 * key-type is the same key-type as described above
 * cipher-name and kdf-name are the plain text names of the kdf and cipher
   used to encrypt the key, or "none" if the key isn't encrypted
 * kdf-opts holds the options for the kdf (in the case of bcrypt this is
   a salt and the number of passes)
 * public-key is the public key
 * private-key-data is the data containing all private key information
   (this data might be encrypted); this area contains:

<32bit random><32bit random><64bit hash><8bit zero padding>

At the time of writing this document I'm planning to support ed25519 keys
only.

II. SXT keys management tools
-----------------------------

1. Key generation

A special tool exists to generate a key: sxtkeygen

> sxtkeygen --type --name --passphrase --path --hash <64bit hash>

 * type must be ed25519 (other types are not supported yet); this value
   is required
 * name is optional; defaults to if not given
 * passphrase is optional; if given, you will be required to enter a
   passphrase to encrypt the key (taptap in the terminal)
 * path is optional; it points to the directory where the public/private
   key files will be located, and defaults to the current working
   directory
 * hash is optional; set it if you want to store an additional hash
   within the key i.e.

The output will be two files:

/.pub   # public key
/.ppkp  # private key
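
A header sanity check for the container described in section I, as an added example (not code from the SXT project). It assumes the magic is a 32-bit big-endian integer directly followed by the flags byte, takes cipher-name and kdf-name already decoded because the description does not give their encoding, and treats undefined flag bits as an error by choice; "example-cipher" is a constructed placeholder name.

```python
import struct

SXT_MAGIC_V1 = 0xBEEF0101   # container version marker from the description
FLAG_HAS_HASH = 1 << 1      # a 64bit hash is stored within the key
FLAG_ENCRYPTED = 1 << 2     # key is encrypted, password key required
KNOWN_FLAGS = FLAG_HAS_HASH | FLAG_ENCRYPTED


def check_header(blob, cipher_name, kdf_name):
    """Return a list of problems found in the container header.

    Assumption (not stated in the description): 32-bit big-endian magic
    immediately followed by the 8bit flags byte.
    """
    if len(blob) < 5:
        return ["truncated header"]
    problems = []
    magic, flags = struct.unpack(">IB", blob[:5])
    if magic != SXT_MAGIC_V1:
        problems.append("unknown container version 0x%08x" % magic)
    unknown = flags & ~KNOWN_FLAGS
    if unknown:
        problems.append("undefined flag bits 0x%02x" % unknown)
    encrypted = bool(flags & FLAG_ENCRYPTED)
    # The description says cipher-name/kdf-name are "none" when the key
    # isn't encrypted, so the flag and the names must agree.
    if encrypted and "none" in (cipher_name, kdf_name):
        problems.append("encrypted flag set but cipher/kdf is 'none'")
    if not encrypted and (cipher_name, kdf_name) != ("none", "none"):
        problems.append("cipher/kdf named but encrypted flag is clear")
    return problems


# Constructed sample headers (not real keys).
OK_PLAIN = struct.pack(">IB", SXT_MAGIC_V1, FLAG_HAS_HASH)
FLAG_CLEARED = struct.pack(">IB", SXT_MAGIC_V1, 0)  # names still say encrypted

if __name__ == "__main__":
    print(check_header(OK_PLAIN, "none", "none"))
    print(check_header(FLAG_CLEARED, "example-cipher", "bcrypt"))
```

Rejecting a header whose flag and names disagree keeps a loader from treating ciphertext as a plain key, or silently skipping the password prompt.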