feat: support authn keys

[johnletey]

Closes #1

Summary by CodeRabbit

• New Features

  • Introduced a new public key implementation for authentication, enhancing cryptographic capabilities.
  • Added functionality for signature verification in authentication processes.
  • Enhanced codec to handle a new public key type related to authentication.

• Bug Fixes

  • Improved robustness for command execution by quoting directory paths in command-line tools.

• Documentation

  • Updated documentation to include details about the new PubKey structure and its fields.

• Tests

  • Added comprehensive tests to ensure the integrity and security of the signature verification mechanism.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The recent changes enhance the Cosmos SDK by supporting authentication keys, specifically through the introduction of a new PubKey type and corresponding signature verification mechanisms. Modifications to codec registration, gas consumption, and additional documentation ensure that public keys can be efficiently serialized, deserialized, and validated, ultimately strengthening the framework's security and extensibility.

Changes

Files	Change Summary
Makefile	Updated proto-gen target to quote $(CURDIR) to handle spaces in directory paths.
crypto/codec/amino.go, crypto/codec/proto.go	Added registration for authn.PubKey type in codec and interface registry to enhance cryptographic capabilities.
crypto/keys/authn/authn.go, crypto/keys/authn/signature.go	Introduced public key structure and signature verification functionalities, enhancing support for authentication processes.
crypto/keys/authn/signature_test.go	Added comprehensive tests for signature verification, ensuring robustness against various edge cases and encoding formats.
docs/core/proto-docs.md, proto/cosmos/crypto/authn/keys.proto	Documented PubKey structure and added Protocol Buffers message definition to facilitate authentication key handling.
x/auth/ante/sigverify.go	Enhanced DefaultSigVerificationGasConsumer to handle *authn.PubKey, improving signature verification robustness.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant AuthnService
    participant CryptoCodec
    participant SignatureVerifier

    User->>AuthnService: Request Authentication
    AuthnService->>CryptoCodec: Register PubKey
    CryptoCodec-->>AuthnService: Registration Successful
    AuthnService->>SignatureVerifier: Verify Signature
    SignatureVerifier-->>AuthnService: Verification Result
    AuthnService-->>User: Authentication Success/Failure

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Support Authn Keys (#[1])	✅

🐰 Hop, hop, let’s celebrate,
With keys of authn, we elevate.
In code we dance, validations bright,
Secure and swift, in the moonlight.
A tale of cryptos, new and bold,
Join us now, let the magic unfold! 🌙

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[johnletey]

@coderabbitai review

[coderabbitai]

Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 12

Outside diff range, codebase verification and nitpick comments (1)

crypto/keys/authn/signature_test.go (1)

1-2: Add a package comment.

Consider adding a comment to describe the purpose of the authn package.

// Package authn provides functionalities for authentication key management and signature verification.
package authn

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 928be03 and 412d893.

Files ignored due to path filters (1)

• crypto/keys/authn/keys.pb.go is excluded by !**/*.pb.go

Files selected for processing (9)

• Makefile (1 hunks)
• crypto/codec/amino.go (2 hunks)
• crypto/codec/proto.go (2 hunks)
• crypto/keys/authn/authn.go (1 hunks)
• crypto/keys/authn/signature.go (1 hunks)
• crypto/keys/authn/signature_test.go (1 hunks)
• docs/core/proto-docs.md (2 hunks)
• proto/cosmos/crypto/authn/keys.proto (1 hunks)
• x/auth/ante/sigverify.go (2 hunks)

Files skipped from review due to trivial changes (1)

• Makefile

Additional context used

golangci-lint

crypto/keys/authn/signature.go

80-80: appendAssign: append result not assigned to the same slice

(gocritic)

Gitleaks

crypto/keys/authn/signature_test.go

55-55: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

322-322: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Markdownlint

docs/core/proto-docs.md

3541-3541: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3542-3542: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3548-3548: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3554-3554: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3555-3555: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3556-3556: Expected: 1; Actual: 4
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3557-3557: Expected: 1; Actual: 5
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3566-3566: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3567-3567: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3545-3545: Expected: 1; Actual: 0; Below
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

Additional comments not posted (39)

proto/cosmos/crypto/authn/keys.proto (6)

1-1: Syntax declaration is correct.

The file correctly declares the syntax as proto3.

---

2-2: Package declaration is correct.

The package is appropriately named cosmos.crypto.authn.

---

4-4: Import statement is correct.

The file correctly imports gogoproto/gogo.proto for using gogoproto options.

---

8-11: Review of goproto_stringer option.

The goproto_stringer option is set to false, which disables the generation of the String() method for the PubKey message. This is appropriate if string representation is not needed.

---

12-12: Review of key_id field.

The key_id field is defined as a string with field number 1. This is appropriate for storing an identifier for the key.

---

13-13: Review of key field.

The key field is defined as bytes with field number 2. This is appropriate for storing the actual key data.

crypto/codec/proto.go (3)

Line range hint 1-1:
Package declaration is correct.

The package is appropriately named codec.

---

Line range hint 3-11:
Import statements are correct.

The file correctly imports the necessary packages, including the new authn package.

---

17-17: Registration of authn.PubKey is correct.

The function correctly registers the new authn.PubKey type as an implementation of the cosmos.crypto.PubKey interface.

crypto/codec/amino.go (3)

Line range hint 1-1:
Package declaration is correct.

The package is appropriately named codec.

---

4-7: Import statements are correct.

The file correctly imports the necessary packages, including the new authn package.

---

20-21: Registration of authn.PubKey is correct.

The function correctly registers the new authn.PubKey type alongside existing public key types.

crypto/keys/authn/authn.go (7)

40-42: LGTM!

The method is straightforward and correct.

---

44-46: LGTM!

The method is straightforward and correct.

---

48-50: LGTM!

The method is straightforward and correct.

---

52-54: LGTM!

The method is straightforward and correct.

---

56-59: LGTM!

The method is straightforward and correct.

---

71-76: LGTM!

The method is straightforward and correct.

---

79-81: LGTM!

The method is straightforward and correct.

x/auth/ante/sigverify.go (1)

390-393: LGTM!

The new case for *authn.PubKey is consistent with existing cases and correctly handles the new public key type.

crypto/keys/authn/signature_test.go (18)

22-33: LGTM!

The CollectedClientData structure is well-defined and follows the WebAuthn specification.

---

35-37: LGTM!

The TokenBinding structure is well-defined and follows the WebAuthn specification.

---

61-74: LGTM!

The GenerateClientData function is well-implemented and follows the WebAuthn specification.

---

76-112: LGTM!

The TestVerifySignature function is comprehensive and covers multiple scenarios.

---

114-148: LGTM!

The TestVerifySignature_ChallengeStdEncoding function is well-implemented and covers the scenario effectively.

---

150-184: LGTM!

The TestVerifySignature_ChallengeHexEncoding function is well-implemented and covers the scenario effectively.

---

186-220: LGTM!

The TestVerifySignature_ChallengeEmpty function is well-implemented and covers the scenario effectively.

---

222-253: LGTM!

The TestVerifySignature_ChallengeNil function is well-implemented and covers the scenario effectively.

---

255-287: LGTM!

The TestVerifySignature_ChallengeInteger function is well-implemented and covers the scenario effectively.

---

289-314: LGTM!

The TestVerifySignature_ClientDataJSONEmpty function is well-implemented and covers the scenario effectively.

---

316-349: LGTM!

The TestVerifySignature_UncompressedPubKey function is well-implemented and covers the scenario effectively.

Tools

Gitleaks

322-322: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

351-378: LGTM!

The TestVerifySignature_AnotherPubKey function is well-implemented and covers the scenario effectively.

---

380-406: LGTM!

The TestVerifySignature_SignaureNotInASN1 function is well-implemented and covers the scenario effectively.

---

408-433: LGTM!

The TestVerifySignature_EmptyAuthenticatorData function is well-implemented and covers the scenario effectively.

---

435-461: LGTM!

The TestVerifySignature_SignatureEncodingInBase64 function is well-implemented and covers the scenario effectively.

---

463-488: LGTM!

The TestVerifySignature_ClientDataJSONEncodingInBase64 function is well-implemented and covers the scenario effectively.

---

490-494: LGTM!

The TestVerifySignature_EmptySignature function is well-implemented and covers the scenario effectively.

---

496-520: LGTM!

The TestVerifySignature_AuthenticatorDataLength function is well-implemented and covers the scenario effectively.

docs/core/proto-docs.md (1)

229-231: LGTM!

The reference link to cosmos/crypto/authn/keys.proto and PubKey has been correctly added.

[coderabbitai]

Fix the formatting issues.

There are multiple consecutive blank lines and missing blank lines around headings. This violates markdownlint rules.

-<a name="cosmos/crypto/authn/keys.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
-
-## cosmos/crypto/authn/keys.proto
-
-
-
-<a name="cosmos.crypto.authn.PubKey"></a>
-
-### PubKey
-PubKey defines a authn public key
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| `key_id` | [string](#string) |  |  |
-| `key` | [bytes](#bytes) |  |  |
-
-
-
-
 <!-- end messages -->
 <!-- end enums -->
 <!-- end HasExtensions -->
 <!-- end services -->
-
-
-
-<a name="cosmos/crypto/ed25519/keys.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
+<a name="cosmos/crypto/authn/keys.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## cosmos/crypto/authn/keys.proto
+
+<a name="cosmos.crypto.authn.PubKey"></a>
+
+### PubKey
+PubKey defines an authn public key
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `key_id` | [string](#string) |  |  |
+| `key` | [bytes](#bytes) |  |  |
+
 <!-- end messages -->
 <!-- end enums -->
 <!-- end HasExtensions -->
 <!-- end services -->
+
+<a name="cosmos/crypto/ed25519/keys.proto"></a>
+<p align="right"><a href="#top">Top</a></p>

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<a name="cosmos/crypto/authn/keys.proto"></a>
	<p align="right"><a href="#top">Top</a></p>
	## cosmos/crypto/authn/keys.proto
	<a name="cosmos.crypto.authn.PubKey"></a>
	### PubKey
	PubKey defines a authn public key
	| Field | Type | Label | Description |
	| ----- | ---- | ----- | ----------- |
	| `key_id` | [string](#string) | | |
	| `key` | [bytes](#bytes) | | |
	<!-- end messages -->
	<!-- end enums -->
	<!-- end HasExtensions -->
	<!-- end services -->
	<a name="cosmos/crypto/authn/keys.proto"></a>
	<p align="right"><a href="#top">Top</a></p>
	## cosmos/crypto/authn/keys.proto
	<a name="cosmos.crypto.authn.PubKey"></a>
	### PubKey
	PubKey defines an authn public key
	| Field | Type | Label | Description |
	| ----- | ---- | ----- | ----------- |
	| `key_id` | [string](#string) | | |
	| `key` | [bytes](#bytes) | | |
	<!-- end messages -->
	<!-- end enums -->
	<!-- end HasExtensions -->
	<!-- end services -->
	<a name="cosmos/crypto/ed25519/keys.proto"></a>
	<p align="right"><a href="#top">Top</a></p>

Tools

Markdownlint

3541-3541: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3542-3542: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3548-3548: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3554-3554: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3555-3555: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3556-3556: Expected: 1; Actual: 4
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3557-3557: Expected: 1; Actual: 5
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3566-3566: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3567-3567: Expected: 1; Actual: 3
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

---

3545-3545: Expected: 1; Actual: 0; Below
Headings should be surrounded by blank lines

(MD022, blanks-around-headings)

[coderabbitai]

Fix the append assignment issue.

The result of append should be assigned back to payload to ensure the new slice is used.

- payload := append(authenticatorData, clientDataHash[:]...)
+ payload = append(authenticatorData, clientDataHash[:]...)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	payload := append(authenticatorData, clientDataHash[:]...)
	payload = append(authenticatorData, clientDataHash[:]...)

Tools

golangci-lint

80-80: appendAssign: append result not assigned to the same slice

(gocritic)

[coderabbitai]

Handle hex decoding errors gracefully.

The current error handling simply returns false. Consider logging the error for debugging purposes.

- if err != nil {
-   return false
- }
+ if err != nil {
+   // Log the error for debugging purposes
+   fmt.Printf("Error decoding signatureBytes: %v\n", err)
+   return false
+ }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	signatureBytes, err := hex.DecodeString(sig.Signature)
	if err != nil {
	return false
	}
	signatureBytes, err := hex.DecodeString(sig.Signature)
	if err != nil {
	// Log the error for debugging purposes
	fmt.Printf("Error decoding signatureBytes: %v\n", err)
	return false
	}

[coderabbitai]

Handle base64 decoding errors gracefully.

The current error handling simply returns false. Consider logging the error for debugging purposes.

- if err != nil {
-   return false
- }
+ if err != nil {
+   // Log the error for debugging purposes
+   fmt.Printf("Error decoding challengeBase64: %v\n", err)
+   return false
+ }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	challenge, err := base64.RawURLEncoding.DecodeString(challengeBase64)
	if err != nil {
	return false
	}
	challenge, err := base64.RawURLEncoding.DecodeString(challengeBase64)
	if err != nil {
	// Log the error for debugging purposes
	fmt.Printf("Error decoding challengeBase64: %v\n", err)
	return false
	}

[coderabbitai]

Handle hex decoding errors gracefully.

The current error handling simply returns false. Consider logging the error for debugging purposes.

- if err != nil {
-   return false
- }
+ if err != nil {
+   // Log the error for debugging purposes
+   fmt.Printf("Error decoding authenticatorData: %v\n", err)
+   return false
+ }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	authenticatorData, err := hex.DecodeString(sig.AuthenticatorData)
	if err != nil {
	return false
	}
	authenticatorData, err := hex.DecodeString(sig.AuthenticatorData)
	if err != nil {
	// Log the error for debugging purposes
	fmt.Printf("Error decoding authenticatorData: %v\n", err)
	return false
	}

[coderabbitai]

Handle JSON unmarshalling errors gracefully.

The current error handling simply returns false. Consider logging the error for debugging purposes.

- if err != nil {
-   return false
- }
+ if err != nil {
+   // Log the error for debugging purposes
+   fmt.Printf("Error unmarshalling signature: %v\n", err)
+   return false
+ }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	err := json.Unmarshal(sigStr, &sig)
	if err != nil {
	return false
	}
	err := json.Unmarshal(sigStr, &sig)
	if err != nil {
	// Log the error for debugging purposes
	fmt.Printf("Error unmarshalling signature: %v\n", err)
	return false
	}

[coderabbitai]

Handle invalid pubkey size error gracefully.

The error message should be more descriptive to aid debugging.

- return sdkerrors.Wrap(sdkerrors.ErrInvalidPubKey, "invalid pubkey size")
+ return sdkerrors.Wrapf(sdkerrors.ErrInvalidPubKey, "invalid pubkey size: expected %d, got %d", PubKeySize, len(bz))

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func (pubKey *PubKey) UnmarshalAmino(bz []byte) error {
	if len(bz) != PubKeySize {
	return sdkerrors.Wrap(sdkerrors.ErrInvalidPubKey, "invalid pubkey size")
	}
	func (pubKey *PubKey) UnmarshalAmino(bz []byte) error {
	if len(bz) != PubKeySize {
	return sdkerrors.Wrapf(sdkerrors.ErrInvalidPubKey, "invalid pubkey size: expected %d, got %d", PubKeySize, len(bz))
	}

[coderabbitai]

Avoid using panic statements.

Replace the panic statement with proper error handling to ensure the application does not crash unexpectedly.

- if len(pubKey.Key) != PubKeySize {
-   panic("length of pubkey is incorrect")
- }
+ if len(pubKey.Key) != PubKeySize {
+   return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidPubKey, "length of pubkey is incorrect")
+ }

Committable suggestion was skipped due to low confidence.

[coderabbitai]

Define the Signature structure.

The Signature structure is used in multiple test functions but is not defined in the provided code.

type Signature struct {
	AuthenticatorData string `json:"authenticatorData"`
	ClientDataJSON    string `json:"clientDataJSON"`
	Signature         string `json:"signature"`
}

Also applies to: 139-143, 175-179, 211-215, 244-248, 278-282, 340-344, 369-373, 397-401, 424-428, 452-456, 479-483, 511-515

[coderabbitai]

Remove hardcoded KeyId.

The hardcoded KeyId was flagged by static analysis tools. Consider generating it dynamically.

-	KeyId: "a099eda0fb05e5783379f73a06acca726673b8e07e436edcd0d71645982af65c",
+	hash := sha256.Sum256(pkBytes)
+	KeyId: hex.EncodeToString(hash[:]),

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	func GenerateAuthnKey(t *testing.T) (*ecdsa.PrivateKey, PubKey) {
	curve := elliptic.P256()
	privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
	require.NoError(t, err)
	pkBytes := elliptic.MarshalCompressed(curve, privateKey.PublicKey.X, privateKey.PublicKey.Y)
	pk := PubKey{
	KeyId: "a099eda0fb05e5783379f73a06acca726673b8e07e436edcd0d71645982af65c",
	Key: pkBytes,
	}
	return privateKey, pk
	}
	func GenerateAuthnKey(t *testing.T) (*ecdsa.PrivateKey, PubKey) {
	curve := elliptic.P256()
	privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
	require.NoError(t, err)
	pkBytes := elliptic.MarshalCompressed(curve, privateKey.PublicKey.X, privateKey.PublicKey.Y)
	hash := sha256.Sum256(pkBytes)
	pk := PubKey{
	KeyId: hex.EncodeToString(hash[:]),
	Key: pkBytes,
	}
	return privateKey, pk
	}

Tools

Gitleaks

55-55: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)