bad_key_len

Diagnostic `nanook::auth::bad_key_len`

Summary

ed25519 key payload must be 32 bytes (got {0})

Help

the file is corrupt; regenerate the identity with nanook keygen

Details

When this fires

The base64 decoded fine, but the resulting payload was not 32 bytes. Ed25519 keys are always 32 bytes, so anything else means the file is truncated, padded, or someone pasted the wrong algorithm's blob. The error reports the length the decoder actually saw. This shows up while parsing ~/.nanook/admin/id_ed25519, lines from [admin].authorized, or an authorized_keys file pointed at by [admin].authorized_keys.

What to check

For a corrupt local identity:

nanook keygen --force

For a trusted-key entry, replace the line with a fresh ssh-ed25519 public line copied from the operator's id_ed25519.pub.