User story checklist:

C++ implementation:

- (X) Generate human secret key
- (X) Generate machine secret key
- (X) Certify signing key with root secret key
- ( ) Sign payload with signing key
- ( ) Verify payload with root pubkey

Todo:

- Use libsodium's secure memory when handling keys / seeds / passphrases
- Test on Windows (machine_id won't work)
- Impl https://www.rfc-editor.org/rfc/rfc8959.txt