diff --git a/internal/signature/ident.go b/internal/signature/ident.go
new file mode 100644
index 0000000..84edd54
--- /dev/null
+++ b/internal/signature/ident.go
@@ -0,0 +1,55 @@
+// Copyright 2024 Matthew Rich . All rights reserved.
+
+package signature
+
+import (
+ "crypto"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "os"
+)
+
+var ErrInvalidSignature error = errors.New("Invalid signature")
+
+type Ident struct {
+ authorized []string
+ publicKey *rsa.PublicKey
+ privateKey *rsa.PrivateKey
+}
+
+func NewIdent() *Ident {
+ i := &Ident{}
+ i.authorized = []string{ "*" }
+ i.Generate()
+ return i
+}
+
+func (i *Ident) Generate() error {
+ var err error
+ i.privateKey, err = rsa.GenerateKey(rand.Reader, 2048)
+ i.publicKey = &privateKey.PublicKey
+ return err
+}
+
+func (i *Ident) Sign(data []byte) ([]byte, error) {
+ checksum := sha256.Sum256(data)
+ sig, e := rsa.SignPKCS1v15(rand.Reader, i.privateKey, crypto.SHA256, checksum[:])
+ if e != nil {
+ return e
+ }
+ return sig, e
+}
+
+func (i *Ident) Verify(data []byte, signature []byte) error {
+ checksum := sha256.Sum256(data)
+ return rsa.VerifyPKCS1v15(i.publicKey, crypto.SHA256, checksum[:], signature)
+}
+
+func (i *Ident) VerifySum(checksum []byte, signature []byte) error {
+ return rsa.VerifyPKCS1v15(i.publicKey, crypto.SHA256, checksum[:], signature)
+}
+
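Review bot: Key-generation failure is not handled safely. `Generate` takes `&privateKey.PublicKey` (an undefined name; presumably `i.privateKey` is meant) before looking at `err`, and `NewIdent` discards the result of `i.Generate()`, so a failed generation leaves an Ident with nil keys for `Sign` and `Verify` to dereference. `Sign` also has `return e` in a function returning `([]byte, error)`, and the file calls `errors.New` without importing `errors` while importing `crypto/x509`, `encoding/pem`, `fmt` and `os` unused, so it does not compile as written. `ErrInvalidSignature` is declared but `Verify` and `VerifySum` return the `rsa` error directly; either map verification failure to it or drop it. The default `authorized = []string{ "*" }` looks like an allow-all entry; if it is meant to gate who may sign or verify, a comment stating its meaning would help, since nothing in this file reads it yet. The fence below shows `Generate` checking the error before storing the key pair and the corrected returns in `Sign`.

```go
func (i *Ident) Generate() error {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	i.privateKey = key
	i.publicKey = &key.PublicKey
	return nil
}

func (i *Ident) Sign(data []byte) ([]byte, error) {
	// … unchanged: SHA-256 digest and rsa.SignPKCS1v15 call …
	if e != nil {
		return nil, e
	}
	return sig, nil
}
```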