Is your feature request related to a problem? Please describe
Currently createCsr doesn't allow parameterized generation of the private/public key pair, where the public key is used in CSR extensions. The interface looks like this:
```typescript
export async function createCsr(params: {
  keySize?: number
  commonName: string
  altNames: string[]
  country?: string
  state?: string
  locality?: string
  organization?: string
  organizationUnit?: string
  emailAddress?: string
}): Promise<{ pkcs10Ber: ArrayBuffer; keys: Required<CryptoKeyPair> }> {
  // TODO: allow to provide keys in addition to always generating one
  const { privateKey, publicKey } =
    (await generateKey()) as Required<CryptoKeyPair>
  // ....
  addSubjectAttributes(pkcs10.subject.typesAndValues, params)
  await addExtensions(pkcs10, params, publicKey)
  await signCsr(pkcs10, privateKey)
```
So we need to provide a way to allow using an existing key pair and/or allow parameterized algorithm generation of the pair.
This would allow generating keys with EC, for example, as RSA is hard-coded for now as follows:
Additional context
Currently people can't use their own private/public keys (e.g. password protected).