Diffstat (limited to 'macaroonbakery/bakery/_keys.py')
-rw-r--r--macaroonbakery/bakery/_keys.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/macaroonbakery/bakery/_keys.py b/macaroonbakery/bakery/_keys.py
new file mode 100644
index 0000000..1da5f05
--- /dev/null
+++ b/macaroonbakery/bakery/_keys.py
@@ -0,0 +1,100 @@
+# Copyright 2017 Canonical Ltd.
+# Licensed under the LGPLv3, see LICENCE file for details.
+
+import nacl.public
+
+
+class PrivateKey(object):
+ ''' A private key used by the bakery to encrypt and decrypt
+ third party caveats.
+ Internally, it is a 256-bit Ed25519 private key.
+ '''
+ def __init__(self, key):
+ self._key = key
+
+ @property
+ def key(self):
+ ''' Internal nacl key representation.
+ '''
+ return self._key
+
+ @property
+ def public_key(self):
+ '''
+ :return: the PublicKey associated with the private key.
+ '''
+ return PublicKey(self._key.public_key)
+
+ @classmethod
+ def deserialize(cls, serialized):
+ ''' Create a PrivateKey from a base64 encoded bytes.
+ :return: a PrivateKey
+ '''
+ return PrivateKey(
+ nacl.public.PrivateKey(serialized,
+ encoder=nacl.encoding.Base64Encoder))
+
+ def serialize(self, raw=False):
+ '''Encode the private part of the key in a base64 format by default,
+ but when raw is True it will return hex encoded bytes.
+ @return: bytes
+ '''
+ if raw:
+ return self._key.encode()
+ return self._key.encode(nacl.encoding.Base64Encoder)
+
+ def __str__(self):
+ '''Return the private part of the key key as a base64-encoded string'''
+ return self.serialize().decode('utf-8')
+
+ def __eq__(self, other):
+ return self.key == other.key
+
+
+class PublicKey(object):
+ ''' A public key used by the bakery to encrypt third party caveats.
+
+ Every discharger is associated with a public key which is used to
+ encrypt third party caveat ids addressed to that discharger.
+ Internally, it is a 256 bit Ed25519 public key.
+ '''
+ def __init__(self, key):
+ self._key = key
+
+ @property
+ def key(self):
+ ''' Internal nacl key representation.
+ '''
+ return self._key
+
+ def serialize(self, raw=False):
+ '''Encode the private part of the key in a base64 format by default,
+ but when raw is True it will return hex encoded bytes.
+ @return: bytes
+ '''
+ if raw:
+ return self._key.encode()
+ return self._key.encode(nacl.encoding.Base64Encoder)
+
+ def __str__(self):
+ '''Return the key as a base64-encoded string'''
+ return self.serialize().decode('utf-8')
+
+ @classmethod
+ def deserialize(cls, serialized):
+ ''' Create a PublicKey from a base64 encoded bytes.
+ :return: a PublicKey
+ '''
+ return PublicKey(
+ nacl.public.PublicKey(serialized,
+ encoder=nacl.encoding.Base64Encoder))
+
+ def __eq__(self, other):
+ return self.key == other.key
+
+
+def generate_key():
+ '''GenerateKey generates a new PrivateKey.
+ :return: a PrivateKey
+ '''
+ return PrivateKey(nacl.public.PrivateKey.generate())
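Review bot: Both `serialize` docstrings (PrivateKey and PublicKey) state that `raw=True` returns hex-encoded bytes, but `self._key.encode()` with no encoder yields the raw key bytes, and PublicKey.serialize's docstring additionally says it encodes "the private part of the key"; both should read `'''Encode the key as base64 bytes by default, or as raw bytes when raw is True.'''`. The module uses `nacl.encoding.Base64Encoder` in `serialize` and `deserialize` while importing only `nacl.public`, so the name resolves only through a transitive import; add `import nacl.encoding` next to it. The class docstrings call the keys Ed25519, whereas `nacl.public` keys are Curve25519 keys for box encryption, which matches the stated purpose of encrypting third party caveats; the wording looks inherited from the Go bakery and should say Curve25519. Each `__eq__` dereferences `other.key` unconditionally, so comparing against a non-key object raises AttributeError instead of returning NotImplemented; `if not isinstance(other, PrivateKey): return NotImplemented` (and the PublicKey counterpart) before the comparison fixes that. Because `PrivateKey.__str__` emits the secret key material, any logging or string formatting of the object discloses the private key, so a redacting `__repr__` would make accidental disclosure less likely.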