johanix / tdns

Authoritative nameserver + tools. Intended for experiments and testing new things.
BSD 2-Clause "Simplified" License

Store private keys in an algorithm agnostic format. #46

Open johanix opened 2 months ago

johanix commented 2 months ago

"tdns-cli keystore sig0 generate -z zone -a RSASHA256" doesn't work.

Creating Ed25519 keys works fine; RSASHA256 keys are generated, but the private key doesn't make it into the DB table. I suspect that the reason is with the parsing of the "bpk" data (Bind Private Key format), which is different for RSA keys than for Ed25519 keys.

Exactly the same problem with "... keystore dnssec generate ...".

johanix commented 2 months ago

The reason is that the "Bind Private Key v1.3" format differs significantly between ED25519 keys and RSASHA256 keys, and therefore our unmarshalling fails.

It is not really clear what the best fix is. For ED25519 keys there is just a single "PrivateKey" that we can easily store in a DB table (which is what we do). But in the RSASHA case there's a whole set of different things to store, and that doesn't translate cleanly to a single thing to store in the DB. I suspect that the right answer is to store the entire "Bind Private Key" text representation. But that's multiple lines and horrible to look at.

For now I think we will just not support RSASHA keys.

johanix commented 1 month ago

Thinking more about this, I believe that the right answer is to convert the keys to PEM format before storing in the keystore and then convert back on use. PEM is widely used and is able to store keys in all algorithms that are relevant.
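The PEM approach proposed in the last comment, shown as an added example that is not tdns code: a key of either algorithm is serialised to a single PKCS#8 "PRIVATE KEY" PEM block (one opaque text blob, so one DB column) and parsed back into its typed form on use. The function names are hypothetical; the algorithm numbers 8 (RSASHA256) and 15 (ED25519) are the IANA DNSSEC registry values. The `RoundTrip` helper generates a key, stores and reloads it, and checks that the reloaded key is identical and still maps to the right algorithm, which is exactly the property the current Bind-private-key parsing loses for RSA.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// DNSSEC algorithm numbers (IANA registry) for the two algorithms discussed.
const (
	AlgRSASHA256 uint8 = 8
	AlgED25519   uint8 = 15
)

// KeyToPEM encodes any private key the standard library can marshal
// (RSA, ECDSA, Ed25519) as one PKCS#8 "PRIVATE KEY" PEM block, so the
// keystore stores the same shape of value regardless of algorithm.
func KeyToPEM(key crypto.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, fmt.Errorf("marshal PKCS#8: %w", err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// KeyFromPEM parses a PKCS#8 PEM block back into a typed private key.
// It accepts exactly one "PRIVATE KEY" block and nothing else, so a
// corrupted or mistyped keystore row fails loudly instead of silently.
func KeyFromPEM(data []byte) (crypto.PrivateKey, error) {
	block, rest := pem.Decode(data)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	if block.Type != "PRIVATE KEY" {
		return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing data after PEM block")
	}
	return x509.ParsePKCS8PrivateKey(block.Bytes)
}

// AlgorithmOf recovers the DNSSEC algorithm number from the parsed key's
// Go type, so the keystore needs no separate (possibly inconsistent) column.
func AlgorithmOf(key crypto.PrivateKey) (uint8, error) {
	switch key.(type) {
	case *rsa.PrivateKey:
		return AlgRSASHA256, nil
	case ed25519.PrivateKey:
		return AlgED25519, nil
	default:
		return 0, fmt.Errorf("unsupported key type %T", key)
	}
}

// GenerateKey creates a fresh private key for the given DNSSEC algorithm.
func GenerateKey(alg uint8) (crypto.PrivateKey, error) {
	switch alg {
	case AlgRSASHA256:
		return rsa.GenerateKey(rand.Reader, 2048)
	case AlgED25519:
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		return priv, err
	default:
		return nil, fmt.Errorf("unsupported algorithm %d", alg)
	}
}

// RoundTrip generates a key, stores it as PEM, reloads it, and reports
// whether the reloaded key equals the original and maps back to alg.
func RoundTrip(alg uint8) (bool, error) {
	key, err := GenerateKey(alg)
	if err != nil {
		return false, err
	}
	stored, err := KeyToPEM(key)
	if err != nil {
		return false, err
	}
	loaded, err := KeyFromPEM(stored)
	if err != nil {
		return false, err
	}
	// Both *rsa.PrivateKey and ed25519.PrivateKey implement Equal.
	eq, ok := loaded.(interface{ Equal(crypto.PrivateKey) bool })
	if !ok {
		return false, fmt.Errorf("key type %T has no Equal method", loaded)
	}
	got, err := AlgorithmOf(loaded)
	if err != nil {
		return false, err
	}
	return eq.Equal(key) && got == alg, nil
}

func main() {
	for _, alg := range []uint8{AlgRSASHA256, AlgED25519} {
		ok, err := RoundTrip(alg)
		fmt.Printf("algorithm %d: round-trip ok=%v err=%v\n", alg, ok, err)
	}
}
```

The PEM text is still multi-line, but the keystore never has to look inside it: the DB column holds one blob and the Go type of the parsed key carries the algorithm. Adding ECDSA keys later is a matter of extending the two switches, not of writing another Bind-format parser.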