Open g-k opened 6 years ago
Maybe we don't even care about the public key and we just use the private key to do everything? https://github.com/mozilla-services/margo/blob/c04cb30b8757c5a246d2d2a3600ade962c94b725/examples/sign.go#L41
> Maybe we don't even care about the public key and we just use the private key to do everything?
Yeah, we really shouldn't need the public key to sign things.
So we can:
crypto.PrivateKey interface
This will also marginally improve boot or signing request perf (since we're making one fewer FindKey call to the HSM per key pair).
Discussed with @jvehent and we'll just add a check that private and pub key lengths match.
As @jvehent pointed out, mismatched private and public key lengths break mar /sign/file as follows:
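The length check discussed in this thread, as an added example that is not part of the original issue or of the project's code: it derives the public key from the crypto.PrivateKey through crypto.Signer, compares its bit length with a separately configured public key, and goes one step further by also requiring the two keys to be equal. The names keyBits, checkKeyPair and demo are hypothetical, and the keys are generated on the spot as constructed sample input.

```go
package main
import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// keyBits returns the key size in bits, or 0 for an unsupported key type.
func keyBits(pub crypto.PublicKey) int {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return k.N.BitLen()
	case *ecdsa.PublicKey:
		return k.Curve.Params().BitSize
	}
	return 0
}

// checkKeyPair (hypothetical name) compares the public key derived from priv with the configured one.
func checkKeyPair(priv crypto.PrivateKey, configured crypto.PublicKey) error {
	signer, ok := priv.(crypto.Signer)
	if !ok {
		return fmt.Errorf("%T does not implement crypto.Signer", priv)
	}
	derived := signer.Public()
	privBits, pubBits := keyBits(derived), keyBits(configured)
	if privBits == 0 || pubBits == 0 {
		return fmt.Errorf("unsupported key type: %T / %T", derived, configured)
	}
	if privBits != pubBits {
		return fmt.Errorf("key length mismatch: private %d bits, public %d bits", privBits, pubBits)
	}
	// Equal lengths do not prove the keys are a pair, so compare the keys too.
	if eq, ok := derived.(interface{ Equal(crypto.PublicKey) bool }); !ok || !eq.Equal(configured) {
		return fmt.Errorf("configured public key does not match the private key")
	}
	return nil
}

// demo checks constructed keys: a real pair, a length mismatch, same length but another key.
func demo() [3]error {
	a, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	b, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	c, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	return [3]error{checkKeyPair(a, &a.PublicKey), checkKeyPair(a, &c.PublicKey), checkKeyPair(a, &b.PublicKey)}
}
func main() { fmt.Println(demo()) }
```

Running such a check once at configuration load turns a mismatched pair into a startup error instead of a failure at signing time.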