Author-side storage for the per-plugin Ed25519 private key.
Keys live at ~/.mob/keys/<plugin_name>.priv as a single line of
base64-encoded raw 32-byte key (with a trailing newline). The file
is chmod'd 0600. Plain text is intentional — plugin authors should
be able to inspect and back up the key with standard tools.
This module is author-only; hosts never need it. The host-side
trust model (TrustStore) keys off the public key fingerprint
recorded in mob.exs.
Summary
Types
Errors read_key/1 can return.
Functions
Absolute path of the directory all priv keys live in.
Absolute path to the priv key file for plugin_name.
Reads the priv key for plugin_name and returns the raw 32-byte
binary. Returns {:error, :missing} if the file is absent or
{:error, :malformed} if the contents don't decode to a 32-byte key.
File mode applied to written keys (0o600 = owner read+write only).
Writes the priv key for plugin_name to disk with mode 0600.
Types
@type read_error() :: :missing | :malformed
Errors read_key/1 can return.
Functions
@spec key_dir() :: Path.t()
Absolute path of the directory all priv keys live in.
Absolute path to the priv key file for plugin_name.
Always under ~/.mob/keys/. Pure (no I/O) and used by both
read_key/1 and write_key/2.
@spec read_key(atom() | String.t()) :: {:ok, MobDev.Plugin.Crypto.priv_key()} | {:error, read_error()}
Reads the priv key for plugin_name and returns the raw 32-byte
binary. Returns {:error, :missing} if the file is absent or
{:error, :malformed} if the contents don't decode to a 32-byte key.
@spec secure_mode() :: integer()
File mode applied to written keys (0o600 = owner read+write only).
@spec write_key(atom() | String.t(), MobDev.Plugin.Crypto.priv_key()) :: :ok
Writes the priv key for plugin_name to disk with mode 0600.
Creates the key directory if needed. Overwrites any existing file —
callers (mix mob.plugin.keygen) gate this on a confirmation /
--force flag before invoking.