Use Base62 for tokens and Base58 for keys

 * Base62 minimizes extra size overhead relative to Base64.
 * Base58 removes ambiguous characters from key encodings.

Common for both bases is that they do not emit any characters that
interfer with easily selecting them on web pages or in the CLI.

2 files changed, 15 insertions, 4 deletions

diff --git a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
index dc6078c58b7..f44eadc59d4 100644
--- a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
@@ -155,9 +155,15 @@ public class KeyUtilsTest {
         var priv = xecPrivFromHex(privHex);
         assertEquals(privHex, xecHexFromPriv(priv));
 
+        // Base 64
         var privB64 = KeyUtils.toBase64EncodedX25519PrivateKey(priv);
         var priv2 = KeyUtils.fromBase64EncodedX25519PrivateKey(privB64);
         assertEquals(privHex, xecHexFromPriv(priv2));
+
+        // Base 58
+        var privB58 = KeyUtils.toBase58EncodedX25519PrivateKey(priv);
+        var priv3 = KeyUtils.fromBase58EncodedX25519PrivateKey(privB58);
+        assertEquals(privHex, xecHexFromPriv(priv3));
     }
 
     @Test
@@ -166,9 +172,15 @@ public class KeyUtilsTest {
         var pub = xecPubFromHex(pubHex);
         assertEquals(pubHex, xecHexFromPub(pub));
 
+        // Base 64
         var pubB64 = KeyUtils.toBase64EncodedX25519PublicKey(pub);
         var pub2 = KeyUtils.fromBase64EncodedX25519PublicKey(pubB64);
         assertEquals(pubHex, xecHexFromPub(pub2));
+
+        // Base 58
+        var pubB58 = KeyUtils.toBase58EncodedX25519PublicKey(pub);
+        var pub3 = KeyUtils.fromBase58EncodedX25519PublicKey(pubB58);
+        assertEquals(pubHex, xecHexFromPub(pub3));
     }
 
     @Test
diff --git a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
index 74b4ca0854b..4e64bc3e9aa 100644
--- a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java
@@ -14,7 +14,6 @@ import java.util.Arrays;
 import java.util.Base64;
 
 import static com.yahoo.security.ArrayUtils.hex;
-import static com.yahoo.security.ArrayUtils.toUtf8Bytes;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -47,12 +46,12 @@ public class SharedKeyTest {
 
     @Test
     void token_v1_representation_is_stable() {
-        var receiverPrivate = KeyUtils.fromBase64EncodedX25519PrivateKey("4qGcntygFn_a3uqeBa1PbDlygQ-cpOuNznTPIz9ftWE");
-        var receiverPublic  = KeyUtils.fromBase64EncodedX25519PublicKey( "ROAH_S862tNMpbJ49lu1dPXFCPHFIXZK30pSrMZEmEg");
+        var receiverPrivate = KeyUtils.fromBase58EncodedX25519PrivateKey("GFg54SaGNCmcSGufZCx68SKLGuAFrASoDeMk3t5AjU6L");
+        var receiverPublic  = KeyUtils.fromBase58EncodedX25519PublicKey( "5drrkakYLjYSBpr5Haknh13EiCYL36ndMzK4gTJo6pwh");
         var keyId           = KeyId.ofString("my key ID");
 
         // Token generated for the above receiver public key, with the below expected shared secret (in hex)
-        var publicToken = "AQlteSBrZXkgSUQgAtTxJJdmv3eUoW5Z3NJSdZ3poKPEkW0SJOGQXP6CaC5XfyAVoUlK_NyYIMsJKyNYKU6WmagZpVG2zQGFJoqiFA";
+        var publicToken = "OntP9gRVAjXeZIr4zkYqRJFcnA993v7ZEE7VbcNs1NcR3HdE7Mpwlwi3r3anF1kVa5fn7O1CyeHQpBWpdayUTKkrtyFepG6WJrZdE";
         var expectedSharedSecret = "1b33b4dcd6a94e5a4a1ee6d208197d01";
 
         var theirSealed = SealedSharedKey.fromTokenString(publicToken);