You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As the current interface requires the existence of the actual private key in memory for a number of operations a PKCS#11 key (i.e. from letsencrypt/pkcs11key) cannot be used for signing.
It seems like the simplest way to do this would be to allow Signature.PrivateKey.PrivateKey to also be a crypto.Signer (in this switch, but testing the type of priv.PrivateKey instead of priv.PubKeyAlgo) and if present attempt to sign using its Signer.Sign method and parse the resulting signature based on the Signer.PublicKey. As far as I can tell this would be the easiest diff, there is a much more complicated one that completely replaces Signature.PrivateKey.PrivateKey with a crypto.Signer but that would require changing quite a few of the interfaces.
cc @agl for thoughts, if the first idea makes sense I'm happy to work on a CL for it.
The text was updated successfully, but these errors were encountered:
As the current interface requires the existence of the actual private key in memory for a number of operations a PKCS#11 key (i.e. from
letsencrypt/pkcs11key
) cannot be used for signing.It seems like the simplest way to do this would be to allow
Signature.PrivateKey.PrivateKey
to also be acrypto.Signer
(in this switch, but testing the type ofpriv.PrivateKey
instead ofpriv.PubKeyAlgo
) and if present attempt to sign using itsSigner.Sign
method and parse the resulting signature based on theSigner.PublicKey
. As far as I can tell this would be the easiest diff, there is a much more complicated one that completely replacesSignature.PrivateKey.PrivateKey
with acrypto.Signer
but that would require changing quite a few of the interfaces.cc @agl for thoughts, if the first idea makes sense I'm happy to work on a CL for it.
The text was updated successfully, but these errors were encountered: