Open partim opened 5 years ago
Yes, I'll take it, provided the PR has full test coverage of the new code.
Note, however, that the API was specifically designed to discourage you from doing it that way. IMO, if you load a public key from one file, and a private key from another file, and they don't agree, then you really shouldn't use that private key. Just as one example, consider the case where the user restored one of the files from backup but not the other, so that they're accidentally out of sync; the current API would help you catch that kind of mistake.
I agree that the current API is preferable and more robust in most use cases. DNSSEC seems to be an exception and I think it is more robust to only keep the private key and any time you update the DNSKEY record, regenerate it from scratch.
I will provide a PR and make sure to add a warning to the documentation of the function.
Would you consider adding a function similar to Ed25519KeyPair::from_seed_unchecked?
Background is that in DNSSEC, existing implementations (bind, ldns) store keys in files with a special format. For ECDSA, these files only contain the private key component. Technically, there is also an accompanying file with the DNSKEY record containing the public key, but for robustness, I would prefer ignoring that and generating the record from the key pair only.
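An added example, not part of the original thread and not ring's code: a standard-library Python check that derives the ECDSA P-256 public key from a BIND-style private key file and compares it with the public key field of a DNSKEY record. It covers both points raised in the thread, regenerating the record from the private key alone and noticing when the two files are out of sync. The choice of DNSSEC algorithm 13, the function names and the sample key are assumptions made for illustration, and the sample is constructed.

```python
import base64

# NIST P-256 domain parameters; assumed curve (DNSSEC algorithm 13, ECDSAP256SHA256).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def _add(p1, p2):
    """Affine addition on y^2 = x^3 - 3x + B; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def derive_public(d):
    """Double-and-add d*G. Variable-time: for an offline check, not for signing."""
    if not 0 < d < N:
        raise ValueError("private scalar out of range")
    acc, addend = None, G
    while d:
        if d & 1:
            acc = _add(acc, addend)
        addend = _add(addend, addend)
        d >>= 1
    return acc[0].to_bytes(32, "big") + acc[1].to_bytes(32, "big")  # X || Y

def private_scalar(private_file_text):
    """Read the base64 PrivateKey field of a BIND-style .private file."""
    for line in private_file_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == "PrivateKey":
            return int.from_bytes(base64.b64decode(value.strip()), "big")
    raise ValueError("no PrivateKey field")

def dnskey_matches(private_file_text, dnskey_b64):
    """True if the DNSKEY public key equals the one derived from the private file."""
    derived = derive_public(private_scalar(private_file_text))
    return derived == base64.b64decode(dnskey_b64)

# Constructed sample (scalar 1, so the public key is G); not a real zone key.
SAMPLE_PRIVATE = ("Private-key-format: v1.3\nAlgorithm: 13 (ECDSAP256SHA256)\n"
                  "PrivateKey: " + base64.b64encode((1).to_bytes(32, "big")).decode())
```

A False result from dnskey_matches is the out-of-sync case described in the thread, for example one file restored from backup without the other.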