#pragma once

#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

namespace BareMinimumCrypto {
	struct ExpiringSignature;
}

// Structs and functions for the receiver role.

/*
The receiver needs to keep at least one root pubkey saved to
non-volatile memory. Since root keys are long-lived, you can
just compile them into the receiver app, too.

All the receiver does is receive combined cert-and-data messages,
and attempt to verify them. The subkeys used to directly sign the
data are disposable and not exposed to callers.
*/

namespace BareMinimumCrypto::Receiver {
	using namespace std;
	
	typedef vector <uint8_t> Bytes;
	
	optional <Bytes> verify_cert_and_data (
		const Bytes & root_pubkey,
		const ExpiringSignature & signed_cert,
		const ExpiringSignature & signed_data
	);
	
	optional <Bytes> verify_cert_and_data (
		const Bytes & root_pubkey,
		const Bytes & msgpack
	);
}