In a gist, other fields of keychain.Key relies on the PrivateKey field since they are derived from the private key.
Currently, the fields of keychain.Key are publicly exported.
It has a potential risk that a consumer of the keychain component may unintentionally change the value of each field. It would corrupts integrity of keychain.Key (e.g. digital signature operation like signing and verify would not working, the association of public key and id of the key would be broken).
This risk seems to me severe since most debugging for this bug gonna be hard.
Motivation
In a gist, other fields of
keychain.Keyrelies on thePrivateKeyfield since they are derived from the private key.Currently, the fields of
keychain.Keyare publicly exported. It has a potential risk that a consumer of thekeychaincomponent may unintentionally change the value of each field. It would corrupts integrity ofkeychain.Key(e.g. digital signature operation like signing and verify would not working, the association of public key and id of the key would be broken). This risk seems to me severe since most debugging for this bug gonna be hard.Possible approach
keychain.Keyto privatekeychain.Storeinterface: see https://github.com/DE-labtory/zulu/pull/33