Initial commit

4 files changed, 1157 insertions, 0 deletions

diff --git a/src/base32.zig b/src/base32.zig
new file mode 100644
index 0000000..b1400a5
--- /dev/null
+++ b/src/base32.zig
@@ -0,0 +1,120 @@
+const std = @import("std");
+
+// TODO(rutgerbrf): simplify the code of the encoder & decoder?
+
+pub const Encoder = struct {
+    const Self = @This();
+
+    out_off: u4 = 0,
+    buf: u5 = 0,
+
+    pub fn write(self: *Self, b: u8, out: []u8) usize {
+        var i: usize = 0;
+        var bits_left: u4 = 8;
+        while (bits_left > 0) {
+            var space_avail = @truncate(u3, 5 - self.out_off);
+            var write_bits: u3 = if (bits_left < space_avail) @truncate(u3, bits_left) else space_avail;
+            bits_left -= write_bits;
+            var mask: u8 = (@as(u8, 0x01) << write_bits) - 1;
+            var want: u8 = (b >> @truncate(u3, bits_left)) & mask;
+            self.buf |= @truncate(u5, want << (space_avail - write_bits));
+            self.out_off += write_bits;
+            if (self.out_off == 5) {
+                if (i >= out.len) break;
+                out[i] = self.char();
+                i += 1;
+                self.out_off = 0;
+                self.buf = 0;
+            }
+        }
+        return i;
+    }
+
+    fn char(self: *const Self) u8 {
+        return self.buf + (if (self.buf < 26) @as(u8, 'A') else '2' - 26);
+    }
+};
+
+pub const DecodeError = error{CorruptInputError};
+
+pub const Decoder = struct {
+    const Self = @This();
+
+    out_off: u4 = 0,
+    buf: u8 = 0,
+
+    pub fn read(self: *Self, c: u8) DecodeError!?u8 {
+        var ret: ?u8 = null;
+        var decoded_c = try decodeChar(c);
+        var bits_left: u3 = 5;
+        while (bits_left > 0) {
+            var space_avail: u4 = 8 - self.out_off;
+            var write_bits: u3 = if (bits_left < space_avail) bits_left else @truncate(u3, space_avail);
+            bits_left -= write_bits;
+            var mask: u8 = (@as(u8, 0x01) << write_bits) - 1;
+            var want: u8 = (decoded_c >> bits_left) & mask;
+            self.buf |= want << @truncate(u3, space_avail - write_bits);
+            self.out_off += write_bits;
+            if (self.out_off == 8) {
+                ret = self.buf;
+                self.out_off = 0;
+                self.buf = 0;
+            }
+        }
+        return ret;
+    }
+
+    fn decodeChar(p: u8) DecodeError!u5 {
+        var value: u5 = 0;
+        if (p >= 'A' and p <= 'Z') {
+            value = @truncate(u5, p - @as(u8, 'A'));
+        } else if (p >= '2' and p <= '9') {
+            // '2' -> 26
+            value = @truncate(u5, p - @as(u8, '2') + 26);
+        } else {
+            return error.CorruptInputError;
+        }
+        return value;
+    }
+};
+
+pub fn encodedLen(src_len: usize) usize {
+    const src_len_bits = src_len * 8;
+    return src_len_bits / 5 + (if (src_len_bits % 5 > 0) @as(usize, 1) else 0);
+}
+
+pub fn decodedLen(enc_len: usize) usize {
+    const enc_len_bits = enc_len * 5;
+    return enc_len_bits / 8;
+}
+
+pub fn encode(bs: []const u8, out: []u8) usize {
+    var e = Encoder{};
+    var i: usize = 0;
+    for (bs) |b| {
+        if (i >= out.len) break;
+        i += e.write(b, out[i..]);
+    }
+    if (e.out_off != 0 and i < out.len) {
+        out[i] = e.char();
+        i += 1;
+    }
+    return i; // amount of bytes processed
+}
+
+pub fn decode(ps: []const u8, out: []u8) DecodeError!usize {
+    var d = Decoder{};
+    var i: usize = 0;
+    for (ps) |p| {
+        if (i >= out.len) break;
+        if (try d.read(p)) |b| {
+            out[i] = b;
+            i += 1;
+        }
+    }
+    if (d.out_off != 0 and i < out.len) {
+        out[i] = d.buf;
+        i += 1;
+    }
+    return i; // amount of bytes processed
+}
diff --git a/src/crc16.zig b/src/crc16.zig
new file mode 100644
index 0000000..3b66d99
--- /dev/null
+++ b/src/crc16.zig
@@ -0,0 +1,57 @@
+const Error = error{InvalidChecksum};
+
+// TODO(rutgerbrf): generate this table at compile time?
+const crc16tab = [256]u16{
+    0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5, 0x60c6, 0x70e7,
+    0x8108, 0x9129, 0xa14a, 0xb16b, 0xc18c, 0xd1ad, 0xe1ce, 0xf1ef,
+    0x1231, 0x0210, 0x3273, 0x2252, 0x52b5, 0x4294, 0x72f7, 0x62d6,
+    0x9339, 0x8318, 0xb37b, 0xa35a, 0xd3bd, 0xc39c, 0xf3ff, 0xe3de,
+    0x2462, 0x3443, 0x0420, 0x1401, 0x64e6, 0x74c7, 0x44a4, 0x5485,
+    0xa56a, 0xb54b, 0x8528, 0x9509, 0xe5ee, 0xf5cf, 0xc5ac, 0xd58d,
+    0x3653, 0x2672, 0x1611, 0x0630, 0x76d7, 0x66f6, 0x5695, 0x46b4,
+    0xb75b, 0xa77a, 0x9719, 0x8738, 0xf7df, 0xe7fe, 0xd79d, 0xc7bc,
+    0x48c4, 0x58e5, 0x6886, 0x78a7, 0x0840, 0x1861, 0x2802, 0x3823,
+    0xc9cc, 0xd9ed, 0xe98e, 0xf9af, 0x8948, 0x9969, 0xa90a, 0xb92b,
+    0x5af5, 0x4ad4, 0x7ab7, 0x6a96, 0x1a71, 0x0a50, 0x3a33, 0x2a12,
+    0xdbfd, 0xcbdc, 0xfbbf, 0xeb9e, 0x9b79, 0x8b58, 0xbb3b, 0xab1a,
+    0x6ca6, 0x7c87, 0x4ce4, 0x5cc5, 0x2c22, 0x3c03, 0x0c60, 0x1c41,
+    0xedae, 0xfd8f, 0xcdec, 0xddcd, 0xad2a, 0xbd0b, 0x8d68, 0x9d49,
+    0x7e97, 0x6eb6, 0x5ed5, 0x4ef4, 0x3e13, 0x2e32, 0x1e51, 0x0e70,
+    0xff9f, 0xefbe, 0xdfdd, 0xcffc, 0xbf1b, 0xaf3a, 0x9f59, 0x8f78,
+    0x9188, 0x81a9, 0xb1ca, 0xa1eb, 0xd10c, 0xc12d, 0xf14e, 0xe16f,
+    0x1080, 0x00a1, 0x30c2, 0x20e3, 0x5004, 0x4025, 0x7046, 0x6067,
+    0x83b9, 0x9398, 0xa3fb, 0xb3da, 0xc33d, 0xd31c, 0xe37f, 0xf35e,
+    0x02b1, 0x1290, 0x22f3, 0x32d2, 0x4235, 0x5214, 0x6277, 0x7256,
+    0xb5ea, 0xa5cb, 0x95a8, 0x8589, 0xf56e, 0xe54f, 0xd52c, 0xc50d,
+    0x34e2, 0x24c3, 0x14a0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
+    0xa7db, 0xb7fa, 0x8799, 0x97b8, 0xe75f, 0xf77e, 0xc71d, 0xd73c,
+    0x26d3, 0x36f2, 0x0691, 0x16b0, 0x6657, 0x7676, 0x4615, 0x5634,
+    0xd94c, 0xc96d, 0xf90e, 0xe92f, 0x99c8, 0x89e9, 0xb98a, 0xa9ab,
+    0x5844, 0x4865, 0x7806, 0x6827, 0x18c0, 0x08e1, 0x3882, 0x28a3,
+    0xcb7d, 0xdb5c, 0xeb3f, 0xfb1e, 0x8bf9, 0x9bd8, 0xabbb, 0xbb9a,
+    0x4a75, 0x5a54, 0x6a37, 0x7a16, 0x0af1, 0x1ad0, 0x2ab3, 0x3a92,
+    0xfd2e, 0xed0f, 0xdd6c, 0xcd4d, 0xbdaa, 0xad8b, 0x9de8, 0x8dc9,
+    0x7c26, 0x6c07, 0x5c64, 0x4c45, 0x3ca2, 0x2c83, 0x1ce0, 0x0cc1,
+    0xef1f, 0xff3e, 0xcf5d, 0xdf7c, 0xaf9b, 0xbfba, 0x8fd9, 0x9ff8,
+    0x6e17, 0x7e36, 0x4e55, 0x5e74, 0x2e93, 0x3eb2, 0x0ed1, 0x1ef0,
+};
+
+pub fn update(crc: u16, with_data: []const u8) u16 {
+    var new_crc = crc;
+    for (with_data) |b| {
+        new_crc = ((new_crc << 8) & 0xffff) ^ crc16tab[((new_crc >> 8) ^ @as(u16, b)) & 0x00ff];
+    }
+    return new_crc;
+}
+
+// make returns the CRC16 checksum for the data provided.
+pub fn make(data: []const u8) u16 {
+    return update(0, data);
+}
+
+// validate will check the calculated CRC16 checksum for data against the expected.
+pub fn validate(data: []const u8, expected: u16) !void {
+    if (make(data) != expected) {
+        return error.InvalidChecksum;
+    }
+}
diff --git a/src/nkeys.zig b/src/nkeys.zig
new file mode 100644
index 0000000..7ce44f9
--- /dev/null
+++ b/src/nkeys.zig
@@ -0,0 +1,518 @@
+const std = @import("std");
+const ascii = std.ascii;
+const base32 = @import("base32.zig");
+const crc16 = @import("crc16.zig");
+const crypto = std.crypto;
+const Ed25519 = crypto.sign.Ed25519;
+const mem = std.mem;
+const testing = std.testing;
+
+const Error = error{
+    InvalidPrefixByte,
+    InvalidEncoding,
+    InvalidSeed,
+    NoNKeySeedFound,
+    NoNKeyUserSeedFound,
+};
+
+pub fn fromText(text: []const u8) !Key {
+    if (!isValidEncoding(text)) return error.InvalidEncoding;
+    switch (text[0]) {
+        'S' => {
+            // It's a seed.
+            if (text.len != text_seed_len) return error.InvalidSeed;
+            return Key{ .seed_key_pair = try fromSeed(text[0..text_seed_len]) };
+        },
+        'P' => return error.InvalidEncoding, // unsupported for now
+        else => {
+            if (text.len != text_public_len) return error.InvalidEncoding;
+            return Key{ .public_key = try fromPublicKey(text[0..text_public_len]) };
+        },
+    }
+}
+
+pub const Key = union(enum) {
+    seed_key_pair: SeedKeyPair,
+    public_key: PublicKey,
+
+    const Self = @This();
+
+    pub fn publicKey(self: *const Self) !text_public {
+        return switch (self.*) {
+            .seed_key_pair => |*kp| try kp.publicKey(),
+            .public_key => |*pk| try pk.publicKey(),
+        };
+    }
+
+    pub fn intoPublicKey(self: *const Self) !PublicKey {
+        return switch (self.*) {
+            .seed_key_pair => |*kp| try kp.intoPublicKey(),
+            .public_key => |pk| pk,
+        };
+    }
+
+    pub fn verify(
+        self: *const Self,
+        msg: []const u8,
+        sig: [Ed25519.signature_length]u8,
+    ) !void {
+        return switch (self.*) {
+            .seed_key_pair => |*kp| try kp.verify(msg, sig),
+            .public_key => |*pk| try pk.verify(msg, sig),
+        };
+    }
+
+    pub fn wipe(self: *Self) void {
+        return switch (self.*) {
+            .seed_key_pair => |*kp| kp.wipe(),
+            .public_key => |*pk| pk.wipe(),
+        };
+    }
+};
+
+pub const KeyTypePrefixByte = enum(u8) {
+    seed = 18 << 3, // S
+    private = 15 << 3, // P
+    unknown = 23 << 3, // U
+};
+
+pub const PublicPrefixByte = enum(u8) {
+    account = 0, // A
+    cluster = 2 << 3, // C
+    operator = 14 << 3, // O
+    server = 13 << 3, // N
+    user = 20 << 3, // U
+
+    fn fromU8(b: u8) !PublicPrefixByte {
+        return switch (b) {
+            @enumToInt(PublicPrefixByte.server) => .server,
+            @enumToInt(PublicPrefixByte.cluster) => .cluster,
+            @enumToInt(PublicPrefixByte.operator) => .operator,
+            @enumToInt(PublicPrefixByte.account) => .account,
+            @enumToInt(PublicPrefixByte.user) => .user,
+            else => error.InvalidPrefixByte,
+        };
+    }
+};
+
+pub const SeedKeyPair = struct {
+    const Self = @This();
+
+    seed: text_seed,
+
+    pub fn init(prefix: PublicPrefixByte) !Self {
+        var raw_seed: [Ed25519.seed_length]u8 = undefined;
+        crypto.random.bytes(&raw_seed);
+        defer wipeBytes(&raw_seed);
+
+        var seed = try encodeSeed(prefix, &raw_seed);
+        return Self{ .seed = seed };
+    }
+
+    pub fn initFromSeed(seed: *const text_seed) !Self {
+        var decoded = try decodeSeed(seed);
+        defer decoded.wipe();
+
+        return Self{ .seed = seed.* };
+    }
+
+    fn rawSeed(self: *const Self) ![Ed25519.seed_length]u8 {
+        return (try decodeSeed(&self.seed)).seed;
+    }
+
+    fn keys(self: *const Self) !Ed25519.KeyPair {
+        return Ed25519.KeyPair.create(try rawSeed(self));
+    }
+
+    pub fn privateKey(self: *const Self) !text_private {
+        var kp = try self.keys();
+        defer wipeKeyPair(&kp);
+        return try encodePrivate(&kp.secret_key);
+    }
+
+    pub fn publicKey(self: *const Self) !text_public {
+        var decoded = try decodeSeed(&self.seed);
+        defer decoded.wipe();
+        var kp = try Ed25519.KeyPair.create(decoded.seed);
+        defer wipeKeyPair(&kp);
+        return try encodePublic(decoded.prefix, &kp.public_key);
+    }
+
+    pub fn intoPublicKey(self: *const Self) !PublicKey {
+        var decoded = try decodeSeed(&self.seed);
+        var kp = try Ed25519.KeyPair.create(decoded.seed);
+        defer wipeKeyPair(&kp);
+        return PublicKey{
+            .prefix = decoded.prefix,
+            .key = kp.public_key,
+        };
+    }
+
+    pub fn sign(
+        self: *const Self,
+        msg: []const u8,
+    ) ![Ed25519.signature_length]u8 {
+        var kp = try self.keys();
+        defer wipeKeyPair(&kp);
+        return try Ed25519.sign(msg, kp, null);
+    }
+
+    pub fn verify(
+        self: *const Self,
+        msg: []const u8,
+        sig: [Ed25519.signature_length]u8,
+    ) !void {
+        var kp = try self.keys();
+        defer wipeKeyPair(&kp);
+        try Ed25519.verify(sig, msg, kp.public_key);
+    }
+
+    pub fn wipe(self: *Self) void {
+        wipeBytes(&self.seed);
+    }
+
+    fn wipeKeyPair(kp: *Ed25519.KeyPair) void {
+        wipeBytes(&kp.secret_key);
+    }
+};
+
+fn wipeBytes(bs: []u8) void {
+    for (bs) |*b| b.* = 0;
+}
+
+pub const PublicKey = struct {
+    const Self = @This();
+
+    prefix: PublicPrefixByte,
+    key: [Ed25519.public_length]u8,
+
+    pub fn publicKey(self: *const Self) !text_public {
+        return try encodePublic(self.prefix, &self.key);
+    }
+
+    pub fn verify(
+        self: *const Self,
+        msg: []const u8,
+        sig: [Ed25519.signature_length]u8,
+    ) !void {
+        try Ed25519.verify(sig, msg, self.key);
+    }
+
+    pub fn wipe(self: *Self) void {
+        self.prefix = .user;
+        std.crypto.random.bytes(&self.key);
+    }
+};
+
+// One prefix byte, two CRC bytes
+const binary_private_size = 1 + Ed25519.secret_length + 2;
+// One prefix byte, two CRC bytes
+const binary_public_size = 1 + Ed25519.public_length + 2;
+// Two prefix bytes, two CRC bytes
+const binary_seed_size = 2 + Ed25519.seed_length + 2;
+
+pub const text_private_len = base32.encodedLen(binary_private_size);
+pub const text_public_len = base32.encodedLen(binary_public_size);
+pub const text_seed_len = base32.encodedLen(binary_seed_size);
+
+pub const text_private = [text_private_len]u8;
+pub const text_public = [text_public_len]u8;
+pub const text_seed = [text_seed_len]u8;
+
+pub fn encodePublic(prefix: PublicPrefixByte, key: *const [Ed25519.public_length]u8) !text_public {
+    return encode(1, key.len, &[_]u8{@enumToInt(prefix)}, key);
+}
+
+pub fn encodePrivate(key: *const [Ed25519.secret_length]u8) !text_private {
+    return encode(1, key.len, &[_]u8{@enumToInt(KeyTypePrefixByte.private)}, key);
+}
+
+fn EncodedKey(comptime prefix_len: usize, comptime data_len: usize) type {
+    return [base32.encodedLen(prefix_len + data_len + 2)]u8;
+}
+
+fn encode(
+    comptime prefix_len: usize,
+    comptime data_len: usize,
+    prefix: *const [prefix_len]u8,
+    data: *const [data_len]u8,
+) !EncodedKey(prefix_len, data_len) {
+    var buf: [prefix_len + data_len + 2]u8 = undefined;
+    defer wipeBytes(&buf);
+
+    mem.copy(u8, &buf, prefix[0..]);
+    mem.copy(u8, buf[prefix_len..], data[0..]);
+    var off = prefix_len + data_len;
+    var checksum = crc16.make(buf[0..off]);
+    mem.writeIntLittle(u16, buf[buf.len - 2 .. buf.len], checksum);
+
+    var text: EncodedKey(prefix_len, data_len) = undefined;
+    std.debug.assert(base32.encode(&buf, &text) == text.len);
+
+    return text;
+}
+
+pub fn encodeSeed(prefix: PublicPrefixByte, src: *const [Ed25519.seed_length]u8) !text_seed {
+    var full_prefix = [_]u8{
+        @enumToInt(KeyTypePrefixByte.seed) | (@enumToInt(prefix) >> 5),
+        (@enumToInt(prefix) & 0b00011111) << 3,
+    };
+    return encode(full_prefix.len, src.len, &full_prefix, src);
+}
+
+pub fn decodePrivate(text: *const text_private) ![Ed25519.secret_length]u8 {
+    var decoded = try decode(1, Ed25519.secret_length, text);
+    defer wipeBytes(&decoded.data);
+    if (decoded.prefix[0] != @enumToInt(KeyTypePrefixByte.private))
+        return error.InvalidPrefixByte;
+    return decoded.data;
+}
+
+pub fn decodePublic(prefix: PublicPrefixByte, text: *const text_public) ![Ed25519.public_length]u8 {
+    var decoded = try decode(1, Ed25519.public_length, text);
+    if (decoded.data[0] != @enumToInt(prefix))
+        return error.InvalidPrefixByte;
+    return decoded.data;
+}
+
+fn DecodedNKey(comptime prefix_len: usize, comptime data_len: usize) type {
+    return struct {
+        prefix: [prefix_len]u8,
+        data: [data_len]u8,
+    };
+}
+
+fn decode(
+    comptime prefix_len: usize,
+    comptime data_len: usize,
+    text: *const [base32.encodedLen(prefix_len + data_len + 2)]u8,
+) !DecodedNKey(prefix_len, data_len) {
+    var raw: [prefix_len + data_len + 2]u8 = undefined;
+    defer wipeBytes(&raw);
+    std.debug.assert((try base32.decode(text[0..], &raw)) == raw.len);
+
+    var checksum = mem.readIntLittle(u16, raw[raw.len - 2 .. raw.len]);
+    try crc16.validate(raw[0 .. raw.len - 2], checksum);
+
+    return DecodedNKey(prefix_len, data_len){
+        .prefix = raw[0..prefix_len].*,
+        .data = raw[prefix_len .. raw.len - 2].*,
+    };
+}
+
+pub const DecodedSeed = struct {
+    const Self = @This();
+
+    prefix: PublicPrefixByte,
+    seed: [Ed25519.seed_length]u8,
+
+    pub fn wipe(self: *Self) void {
+        self.prefix = .account;
+        wipeBytes(&self.seed);
+    }
+};
+
+pub fn decodeSeed(text: *const text_seed) !DecodedSeed {
+    var decoded = try decode(2, Ed25519.seed_length, text);
+    defer wipeBytes(&decoded.data); // gets copied
+
+    var key_ty_prefix = decoded.prefix[0] & 0b11111000;
+    var entity_ty_prefix = (decoded.prefix[0] & 0b00000111) << 5 | ((decoded.prefix[1] & 0b11111000) >> 3);
+
+    if (key_ty_prefix != @enumToInt(KeyTypePrefixByte.seed))
+        return error.InvalidSeed;
+
+    return DecodedSeed{
+        .prefix = try PublicPrefixByte.fromU8(entity_ty_prefix),
+        .seed = decoded.data,
+    };
+}
+
+pub fn fromPublicKey(text: *const text_public) !PublicKey {
+    var decoded = try decode(1, Ed25519.public_length, text);
+    defer wipeBytes(&decoded.data); // gets copied
+
+    return PublicKey{
+        .prefix = try PublicPrefixByte.fromU8(decoded.prefix[0]),
+        .key = decoded.data,
+    };
+}
+
+pub fn fromSeed(text: *const text_seed) !SeedKeyPair {
+    var res = try decodeSeed(text);
+    wipeBytes(&res.seed);
+    return SeedKeyPair{ .seed = text.* };
+}
+
+pub fn isValidEncoding(text: []const u8) bool {
+    if (text.len < 4) return false;
+    var made_crc: u16 = 0;
+    var dec = base32.Decoder{};
+    var crc_buf: [2]u8 = undefined;
+    var crc_buf_len: u8 = 0;
+    var expect_len: usize = base32.decodedLen(text.len);
+    var wrote_n_total: usize = 0;
+    for (text) |c, i| {
+        var b = (dec.read(c) catch return false) orelse continue;
+        wrote_n_total += 1;
+        if (crc_buf_len == 2) made_crc = crc16.update(made_crc, &.{crc_buf[0]});
+        crc_buf[0] = crc_buf[1];
+        crc_buf[1] = b;
+        if (crc_buf_len != 2) crc_buf_len += 1;
+    }
+    if (dec.out_off != 0 and wrote_n_total < expect_len) {
+        if (crc_buf_len == 2) made_crc = crc16.update(made_crc, &.{crc_buf[0]});
+        crc_buf[0] = crc_buf[1];
+        crc_buf[1] = dec.buf;
+        if (crc_buf_len != 2) crc_buf_len += 1;
+    }
+    if (crc_buf_len != 2) unreachable;
+    var got_crc = mem.readIntLittle(u16, &crc_buf);
+    return made_crc == got_crc;
+}
+
+pub fn isValidSeed(text: *const text_seed) bool {
+    var res = decodeSeed(text) catch return false;
+    wipeBytes(&res.seed);
+    return true;
+}
+
+pub fn isValidPublicKey(text: *const text_public, with_type: ?PublicPrefixByte) bool {
+    var res = decode(1, Ed25519.public_length, text) catch return false;
+    var public = PublicPrefixByte.fromU8(res.data[0]) catch return false;
+    return if (with_type) |ty| public == ty else true;
+}
+
+pub fn fromRawSeed(prefix: PublicPrefixByte, raw_seed: *const [Ed25519.seed_length]u8) !SeedKeyPair {
+    return SeedKeyPair{ .seed = try encodeSeed(prefix, raw_seed) };
+}
+
+pub fn getNextLine(text: []const u8, off: *usize) ?[]const u8 {
+    if (off.* <= text.len) return null;
+    var newline_pos = mem.indexOfPos(u8, text, off.*, "\n") orelse return null;
+    var start = off.*;
+    var end = newline_pos;
+    if (newline_pos > 0 and text[newline_pos - 1] == '\r') end -= 1;
+    off.* = newline_pos + 1;
+    return text[start..end];
+}
+
+// `line` must not contain CR or LF characters.
+pub fn isKeySectionBarrier(line: []const u8) bool {
+    return line.len >= 6 and mem.startsWith(u8, line, "---") and mem.endsWith(u8, line, "---");
+}
+
+pub fn areKeySectionContentsValid(contents: []const u8) bool {
+    const allowed_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.=";
+
+    for (contents) |c| {
+        var is_c_allowed = false;
+        for (allowed_chars) |allowed_c| {
+            if (c == allowed_c) {
+                is_c_allowed = true;
+                break;
+            }
+        }
+        if (!is_c_allowed) return false;
+    }
+
+    return true;
+}
+
+pub fn findKeySection(text: []const u8, off: *usize) ?[]const u8 {
+    // Skip all space
+    // Lines end with \n, but \r\n is also fine
+    // Contents of the key may consist of abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.=
+    // However, if a line seems to be in the form of ---stuff---, the section is ended.
+    // A newline must be present at the end of the key footer
+    // See https://regex101.com/r/pEaqcJ/1 for a weird edge case in the github.com/nats-io/nkeys library
+    // Another weird edge case: https://regex101.com/r/Xmqj1h/1
+    while (true) {
+        var opening_line = getNextLine(text, off) orelse return null;
+        if (!isKeySectionBarrier(opening_line)) continue;
+
+        var contents_line = getNextLine(text, off) orelse return null;
+        if (!areKeySectionContentsValid(contents_line)) continue;
+
+        var closing_line = getNextLine(text, off) orelse return null;
+        if (!isKeySectionBarrier(closing_line)) continue;
+
+        return contents_line;
+    }
+}
+
+pub fn parseDecoratedJwt(contents: []const u8) ![]const u8 {
+    var current_off: usize = 0;
+    return findKeySection(contents, &current_off) orelse return contents;
+}
+
+fn validNKey(text: []const u8) bool {
+    var valid_prefix =
+        mem.startsWith(u8, text, "SO") or
+        mem.startsWith(u8, text, "SA") or
+        mem.startsWith(u8, text, "SU");
+    var valid_len = text.len >= text_seed_len;
+    return valid_prefix and valid_len;
+}
+
+fn findNKey(text: []const u8) ?[]const u8 {
+    var current_off: usize = 0;
+    while (true) {
+        var line = getNextLine(text, &current_off) orelse return null;
+        for (line) |c, i| {
+            if (!ascii.isSpace(c)) {
+                if (validNKey(line[i..])) return line[i..];
+                break;
+            }
+        }
+    }
+}
+
+pub fn parseDecoratedNKey(contents: []const u8) !SeedKeyPair {
+    var current_off: usize = 0;
+
+    var seed: ?[]const u8 = null;
+    if (findKeySection(contents, &current_off) != null)
+        seed = findKeySection(contents, &current_off);
+    if (seed != null)
+        seed = findNKey(contents) orelse return error.NoNKeySeedFound;
+    if (!validNKey(seed.?))
+        return error.NoNKeySeedFound;
+    return fromSeed(contents[0..text_seed_len]);
+}
+
+pub fn parseDecoratedUserNKey(contents: []const u8) !SeedKeyPair {
+    var key = try parseDecoratedNKey(contents);
+    if (!mem.startsWith(u8, &key.seed, "SU")) return error.NoNKeyUserSeedFound;
+    defer key.wipe();
+    return key;
+}
+
+test {
+    testing.refAllDecls(@This());
+    testing.refAllDecls(Key);
+    testing.refAllDecls(SeedKeyPair);
+    testing.refAllDecls(PublicKey);
+}
+
+test {
+    var key_pair = try SeedKeyPair.init(PublicPrefixByte.server);
+    defer key_pair.wipe();
+
+    var decoded_seed = try decodeSeed(&key_pair.seed);
+    var encoded_second_time = try encodeSeed(decoded_seed.prefix, &decoded_seed.seed);
+    try testing.expectEqualSlices(u8, &key_pair.seed, &encoded_second_time);
+    try testing.expect(isValidEncoding(&key_pair.seed));
+
+    var pub_key_str_a = try key_pair.publicKey();
+    var priv_key_str = try key_pair.privateKey();
+    try testing.expect(pub_key_str_a.len != 0);
+    try testing.expect(priv_key_str.len != 0);
+    try testing.expect(isValidEncoding(&pub_key_str_a));
+    try testing.expect(isValidEncoding(&priv_key_str));
+    wipeBytes(&priv_key_str);
+
+    var pub_key = try key_pair.intoPublicKey();
+    var pub_key_str_b = try pub_key.publicKey();
+    try testing.expectEqualSlices(u8, &pub_key_str_a, &pub_key_str_b);
+}
diff --git a/src/znk.zig b/src/znk.zig
new file mode 100644
index 0000000..ab36c96
--- /dev/null
+++ b/src/znk.zig
@@ -0,0 +1,462 @@
+const std = @import("std");
+const Allocator = mem.Allocator;
+const ascii = std.ascii;
+const build_options = @import("build_options");
+const builtin = std.builtin;
+const fs = std.fs;
+const io = std.io;
+const mem = std.mem;
+const nkeys = @import("nkeys.zig");
+const process = std.process;
+const testing = std.testing;
+
+pub fn fatal(comptime format: []const u8, args: anytype) noreturn {
+    std.debug.print("error: " ++ format ++ "\n", args);
+    process.exit(1);
+}
+
+pub fn info(comptime format: []const u8, args: anytype) void {
+    std.debug.print(format ++ "\n", args);
+}
+
+const usage =
+    \\Usage: znk [command] [options]
+    \\
+    \\Commands:
+    \\
+    \\  gen            Generate a new key pair
+    \\  help           Print this help and exit
+    \\  sign           Sign a file
+    \\  verify         Verify a file with a signature
+    \\  version        Print version number and exit
+    \\
+    \\General Options:
+    \\
+    \\  -h, --help     Print this help and exit
+    \\
+;
+
+var general_purpose_allocator = std.heap.GeneralPurposeAllocator(.{}){};
+
+pub fn main() anyerror!void {
+    // Stolen from the Zig compiler
+    var gpa_need_deinit = false;
+    const gpa = gpa: {
+        if (!std.builtin.link_libc) {
+            gpa_need_deinit = true;
+            break :gpa &general_purpose_allocator.allocator;
+        }
+        // We would prefer to use raw libc allocator here, but cannot
+        // use it if it won't support the alignment we need.
+        if (@alignOf(std.c.max_align_t) < @alignOf(i128)) {
+            break :gpa std.heap.c_allocator;
+        }
+        break :gpa std.heap.raw_c_allocator;
+    };
+    defer if (gpa_need_deinit) {
+        std.debug.assert(!general_purpose_allocator.deinit());
+    };
+    var arena_instance = std.heap.ArenaAllocator.init(gpa);
+    defer arena_instance.deinit();
+    const arena = &arena_instance.allocator;
+
+    const args = try process.argsAlloc(arena);
+    return mainArgs(gpa, arena, args);
+}
+
+pub fn mainArgs(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !void {
+    if (args.len <= 1) {
+        info("{s}", .{usage});
+        fatal("expected command argument", .{});
+    }
+
+    const cmd = args[1];
+    const cmd_args = args[2..];
+    if (mem.eql(u8, cmd, "gen")) {
+        return cmdGen(gpa, arena, cmd_args);
+    } else if (mem.eql(u8, cmd, "sign")) {
+        return cmdSign(gpa, arena, cmd_args);
+    } else if (mem.eql(u8, cmd, "verify")) {
+        return cmdVerify(gpa, arena, cmd_args);
+    } else if (mem.eql(u8, cmd, "version")) {
+        return io.getStdOut().writeAll(build_options.version ++ "\n");
+    } else if (mem.eql(u8, cmd, "help") or mem.eql(u8, cmd, "-h") or mem.eql(u8, cmd, "--help")) {
+        return io.getStdOut().writeAll(usage);
+    } else {
+        info("{s}", .{usage});
+        fatal("unknown command: {s}", .{cmd});
+    }
+}
+
+const usage_gen =
+    \\Usage: znk gen [options] <type>
+    \\
+    \\Supported Types:
+    \\
+    \\  account
+    \\  cluster
+    \\  operator
+    \\  server
+    \\  user
+    \\
+    \\General Options:
+    \\
+    \\  -h, --help     Print this help and exit
+    \\
+    \\Generate Options:
+    \\
+    \\  -o, --pub-out  Print the public key to stdout
+    \\  -p, --prefix   Vanity public key prefix, turns -o on
+    \\
+;
+
+pub fn cmdGen(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !void {
+    const stdout = io.getStdOut();
+
+    var ty: ?nkeys.PublicPrefixByte = null;
+    var pub_out: bool = false;
+    var prefix: ?[]const u8 = null;
+
+    var i: usize = 0;
+    while (i < args.len) : (i += 1) {
+        const arg = args[i];
+        if (mem.startsWith(u8, arg, "-")) {
+            if (mem.eql(u8, arg, "-h") or mem.eql(u8, arg, "--help")) {
+                return stdout.writeAll(usage_gen);
+            } else if (mem.eql(u8, arg, "-o") or mem.eql(u8, arg, "--pub-out")) {
+                pub_out = true;
+            } else if (mem.eql(u8, arg, "-p") or mem.eql(u8, arg, "--prefix")) {
+                if (i + 1 >= args.len)
+                    fatal("expected argument after '{s}'", .{arg});
+                i += 1;
+                if (args[i].len > nkeys.text_public_len - 1)
+                    fatal("public key prefix '{s}' is too long", .{arg});
+                prefix = args[i];
+            } else {
+                fatal("unrecognized parameter: '{s}'", .{arg});
+            }
+        } else if (ty != null) {
+            fatal("more than one type to generate provided", .{});
+        } else if (mem.eql(u8, arg, "account")) {
+            ty = .account;
+        } else if (mem.eql(u8, arg, "cluster")) {
+            ty = .cluster;
+        } else if (mem.eql(u8, arg, "operator")) {
+            ty = .operator;
+        } else if (mem.eql(u8, arg, "server")) {
+            ty = .server;
+        } else if (mem.eql(u8, arg, "user")) {
+            ty = .user;
+        } else {
+            fatal("unrecognized extra parameter: '{s}'", .{arg});
+        }
+    }
+
+    if (ty == null) {
+        info("{s}", .{usage_gen});
+        fatal("no type to generate seed for provided", .{});
+    }
+
+    if (prefix != null) {
+        const capitalized_prefix = try toUpper(arena, prefix.?);
+
+        try PrefixKeyGenerator.init(arena, ty.?, capitalized_prefix).generate();
+    } else {
+        var kp = nkeys.SeedKeyPair.init(ty.?) catch |e| fatal("could not generate key pair: {e}", .{e});
+        defer kp.wipe();
+        try stdout.writeAll(&kp.seed);
+        try stdout.writeAll("\n");
+
+        var public_key = kp.publicKey() catch |e| fatal("could not generate public key: {e}", .{e});
+        if (pub_out) {
+            try stdout.writeAll(&public_key);
+            try stdout.writeAll("\n");
+        }
+    }
+}
+
+const usage_sign =
+    \\Usage: znk sign -k <file> [options] <file>
+    \\
+    \\General Options:
+    \\
+    \\  -h, --help     Print this help and exit
+    \\
+    \\Sign Options:
+    \\
+    \\  -k, --key      Path of private key/seed to sign with
+    \\
+;
+
+pub fn cmdSign(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !void {
+    // TODO(rutgerbrf): support setting a custom entropy file?
+    const stdin = io.getStdIn();
+    const stdout = io.getStdOut();
+
+    var file_stdin = false;
+    var key_stdin = false;
+    var file: ?fs.File = null;
+    var key: ?fs.File = null;
+    defer if (!key_stdin) if (file) |f| f.close();
+    defer if (!file_stdin) if (key) |f| f.close();
+
+    var i: usize = 0;
+    while (i < args.len) : (i += 1) {
+        const arg = args[i];
+        if (mem.startsWith(u8, arg, "-") and arg.len > 1) {
+            if (mem.eql(u8, arg, "-h") or mem.eql(u8, arg, "--help")) {
+                return stdout.writeAll(usage_sign);
+            } else if (mem.eql(u8, arg, "-k") or mem.eql(u8, arg, "--key")) {
+                if (i + 1 >= args.len) fatal("expected argument after '{s}'", .{arg});
+                i += 1;
+                if (key != null) fatal("parameter '{s}' provided more than once", .{arg});
+                if (std.mem.eql(u8, args[i], "-")) {
+                    key = stdin;
+                    key_stdin = true;
+                } else {
+                    key = try fs.cwd().openFile(args[i], .{});
+                }
+            } else {
+                fatal("unrecognized parameter: '{s}'", .{arg});
+            }
+        } else if (file != null) {
+            fatal("more than one file to generate a signature for provided", .{});
+        } else if (mem.eql(u8, args[i], "-")) {
+            file = stdin;
+            file_stdin = true;
+        } else {
+            file = try fs.cwd().openFile(args[i], .{});
+        }
+    }
+
+    if (file == null) {
+        info("{s}", .{usage_sign});
+        fatal("no file to generate a signature for provided", .{});
+    }
+
+    if (key == null) {
+        info("{s}", .{usage_sign});
+        fatal("no key to sign with provided", .{});
+    }
+
+    if (file_stdin and key_stdin) {
+        fatal("can't use stdin for reading multiple files", .{});
+    }
+
+    const content = file.?.readToEndAlloc(arena, std.math.maxInt(usize)) catch {
+        fatal("could not read file to generate signature for", .{});
+    };
+    var kp = switch (readKeyFile(arena, key.?)) {
+        .seed_key_pair => |kp| kp,
+        else => |*k| {
+            k.wipe();
+            fatal("key was provided but is not a seed", .{});
+        },
+    };
+    defer kp.wipe();
+
+    const sig = kp.sign(content) catch fatal("could not generate signature", .{});
+    var encoded_sig = try arena.alloc(u8, std.base64.standard.Encoder.calcSize(sig.len));
+    _ = std.base64.standard.Encoder.encode(encoded_sig, &sig);
+    try stdout.writeAll(encoded_sig);
+    try stdout.writeAll("\n");
+}
+
+const usage_verify =
+    \\Usage: znk verify [options] <file>
+    \\
+    \\General Options:
+    \\
+    \\  -h, --help     Print this help and exit
+    \\
+    \\Verify Options:
+    \\
+    \\  -k, --key      Path of key to verify with
+    \\  -s, --sig      Path of signature to verify
+    \\
+;
+
+pub fn cmdVerify(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !void {
+    const stdin = io.getStdIn();
+    const stdout = io.getStdOut();
+
+    var file_stdin = false;
+    var key_stdin = false;
+    var sig_stdin = false;
+    var key: ?fs.File = null;
+    var file: ?fs.File = null;
+    var sig: ?fs.File = null;
+    defer if (!file_stdin) if (file) |f| f.close();
+    defer if (!key_stdin) if (key) |f| f.close();
+    defer if (!sig_stdin) if (sig) |f| f.close();
+
+    var i: usize = 0;
+    while (i < args.len) : (i += 1) {
+        const arg = args[i];
+        if (mem.startsWith(u8, arg, "-") and arg.len > 1) {
+            if (mem.eql(u8, arg, "-h") or mem.eql(u8, arg, "--help")) {
+                return stdout.writeAll(usage_verify);
+            } else if (mem.eql(u8, arg, "-k") or mem.eql(u8, arg, "--key")) {
+                if (i + 1 >= args.len) fatal("expected argument after '{s}'", .{arg});
+                i += 1;
+                if (key != null) fatal("parameter '{s}' provided more than once", .{arg});
+                if (std.mem.eql(u8, args[i], "-")) {
+                    key = stdin;
+                    key_stdin = true;
+                } else {
+                    key = try fs.cwd().openFile(args[i], .{});
+                }
+            } else if (mem.eql(u8, arg, "-s") or mem.eql(u8, arg, "--sig")) {
+                if (i + 1 >= args.len) fatal("expected argument after '{s}'", .{arg});
+                i += 1;
+                if (sig != null) fatal("parameter '{s}' provided more than once", .{arg});
+                if (std.mem.eql(u8, args[i], "-")) {
+                    sig = stdin;
+                    sig_stdin = true;
+                } else {
+                    sig = try fs.cwd().openFile(args[i], .{});
+                }
+            } else {
+                fatal("unrecognized parameter: '{s}'", .{arg});
+            }
+        } else if (file != null) {
+            fatal("more than one file to verify signature of provided", .{});
+        } else if (mem.eql(u8, args[i], "-")) {
+            file = stdin;
+            file_stdin = true;
+        } else {
+            file = try fs.cwd().openFile(args[i], .{});
+        }
+    }
+
+    if (file == null) {
+        info("{s}", .{usage_verify});
+        fatal("no file to verify signature of provided", .{});
+    }
+
+    if (key == null) {
+        info("{s}", .{usage_verify});
+        fatal("no key to verify signature with provided", .{});
+    }
+
+    if (sig == null) {
+        info("{s}", .{usage_verify});
+        fatal("no file to generate a signature for provided", .{});
+    }
+
+    if (two(&.{ file_stdin, key_stdin, sig_stdin })) {
+        fatal("can't use stdin for reading multiple files", .{});
+    }
+
+    const content = file.?.readToEndAlloc(arena, std.math.maxInt(usize)) catch {
+        fatal("could not read file to generate signature for", .{});
+    };
+    const signature_b64 = sig.?.readToEndAlloc(arena, std.math.maxInt(usize)) catch {
+        fatal("could not read signature", .{});
+    };
+    var k = readKeyFile(arena, key.?);
+    defer k.wipe();
+
+    const trimmed_signature_b64 = mem.trim(u8, signature_b64, " \n\t\r");
+    const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(trimmed_signature_b64) catch {
+        fatal("invalid signature encoding", .{});
+    };
+    if (decoded_len != std.crypto.sign.Ed25519.signature_length)
+        fatal("invalid signature length", .{});
+    const signature = try arena.alloc(u8, decoded_len);
+
+    _ = std.base64.standard.Decoder.decode(signature, trimmed_signature_b64) catch {
+        fatal("invalid signature encoding", .{});
+    };
+    k.verify(content, signature[0..std.crypto.sign.Ed25519.signature_length].*) catch {
+        fatal("bad signature", .{});
+    };
+
+    try stdout.writeAll("good signature\n");
+}
+
+const PrefixKeyGenerator = struct {
+    ty: nkeys.PublicPrefixByte,
+    prefix: []const u8,
+    allocator: *Allocator,
+    done: std.atomic.Bool,
+
+    const Self = @This();
+
+    pub fn init(allocator: *Allocator, ty: nkeys.PublicPrefixByte, prefix: []const u8) Self {
+        return .{
+            .ty = ty,
+            .prefix = prefix,
+            .allocator = allocator,
+            .done = std.atomic.Bool.init(false),
+        };
+    }
+
+    fn generatePrivate(self: *Self) void {
+        while (true) {
+            if (self.done.load(.SeqCst)) return;
+
+            var kp = nkeys.SeedKeyPair.init(self.ty) catch |e| fatal("could not generate key pair: {e}", .{e});
+            defer kp.wipe();
+            var public_key = kp.publicKey() catch |e| fatal("could not generate public key: {e}", .{e});
+            if (!mem.startsWith(u8, public_key[1..], self.prefix)) continue;
+
+            if (self.done.xchg(true, .SeqCst)) return; // another thread is already done
+
+            info("{s}", .{kp.seed});
+            info("{s}", .{public_key});
+
+            return;
+        }
+    }
+
+    pub usingnamespace if (builtin.single_threaded) struct {
+        pub fn generate(self: *Self) !void {
+            return self.generatePrivate();
+        }
+    } else struct {
+        pub fn generate(self: *Self) !void {
+            var cpu_count = try std.Thread.cpuCount();
+            var threads = try self.allocator.alloc(*std.Thread, cpu_count);
+            defer self.allocator.free(threads);
+            for (threads) |*thread| thread.* = try std.Thread.spawn(Self.generatePrivate, self);
+            for (threads) |thread| thread.wait();
+        }
+    };
+};
+
+pub fn readKeyFile(allocator: *Allocator, file: fs.File) nkeys.Key {
+    var bytes = file.readToEndAlloc(allocator, std.math.maxInt(usize)) catch fatal("could not read key file", .{});
+
+    var iterator = mem.split(bytes, "\n");
+    while (iterator.next()) |line| {
+        if (nkeys.isValidEncoding(line) and line.len == nkeys.text_seed_len) {
+            var k = nkeys.fromText(line) catch continue;
+            defer k.wipe();
+            allocator.free(bytes);
+            return k;
+        }
+    }
+
+    fatal("could not find a valid key", .{});
+}
+
+fn two(slice: []const bool) bool {
+    var one = false;
+    for (slice) |x| if (x and one) {
+        return true;
+    } else {
+        one = true;
+    };
+    return false;
+}
+
+fn toUpper(allocator: *Allocator, slice: []const u8) ![]u8 {
+    const result = try allocator.alloc(u8, slice.len);
+    for (slice) |c, i| result[i] = ascii.toUpper(c);
+    return result;
+}
+
+test {
+    testing.refAllDecls(@This());
+}