# `MetamorphicLog.VerifierKey`
[🔗](https://github.com/moss-piglet/metamorphic_log/blob/main/lib/metamorphic_log/verifier_key.ex#L1)

C2SP `signed-note` **verifier-key** (`vkey`) encoding.

A verifier key is the text a relying party pins to recognize and check a
signer's note/checkpoint signatures:

    <name>+<hex(key_id)>+<base64(type_id || public_key)>

where `key_id = SHA-256(name || 0x0A || type_id || public_key)[:4]` (big
endian). These encoders derive the key id and produce the canonical `vkey`
string for the two supported signature types, so a server can publish the
`vkey` its clients feed to `MetamorphicLog.Checkpoint.verify/2` and
`MetamorphicLog.Note.verify/2`.

Public keys cross the boundary **base64-encoded**.

# `encode_ed25519`

```elixir
@spec encode_ed25519(name :: String.t(), public_key_b64 :: String.t()) ::
  {:ok, String.t()} | {:error, String.t()}
```

Encode a classical Ed25519 verifier key from a key `name` and a 32-byte public
key (base64).

Returns `{:ok, vkey}` or `{:error, reason}` (invalid name or a key that is not
32 bytes).

# `encode_hybrid`

```elixir
@spec encode_hybrid(name :: String.t(), public_key_b64 :: String.t()) ::
  {:ok, String.t()} | {:error, String.t()}
```

Encode a hybrid composite verifier key from a key `name` and the
metamorphic-crypto composite public key bytes
(`tag || classical_pk || ml_dsa_pk`, base64).

This is the public key stored as a namespace's signing key. Returns
`{:ok, vkey}` or `{:error, reason}` (invalid name or empty key).

## Example

    {:ok, vkey} = MetamorphicLog.VerifierKey.encode_hybrid("metamorphic.app/log", pk_b64)

---

*Consult [api-reference.md](api-reference.md) for complete listing*
