User story checklist: C++ implementation: - (X) Generate human secret key - (X) Generate machine secret key - (X) Certify signing key with root secret key - ( ) Sign payload with signing key - ( ) Verify payload with root pubkey Todo: - Use libsodium's secure memory when handling keys / seeds / passphrases - Test on Windows (machine_id won't work) - Impl https://www.rfc-editor.org/rfc/rfc8959.txt