openwallet-foundation-labs / sd-jwt-kotlin

A Kotlin implementation of the Selective Disclosure JWT (SD-JWT) spec.
Apache License 2.0

Extend the interface to accept an external instance of a signatory service via an interface #5

Closed DhiaSlm closed 1 year ago

DhiaSlm commented 1 year ago

Problem: we cannot expose the private key out of the key store. However, a private key is needed to sign the SD-JWT credential and append the signature in the returned combined format.

Solution(s): one of the following 2 solutions is possible:

DhiaSlm commented 1 year ago

The waltid sd-jwt is an example of how to use an external signing service using the JWTCryptoProvider interface.

markuskreusch commented 1 year ago

We already experimented with a signing interface that can be passed into the library and allows arbitrary implementations to generate the signature, because we had a similar situation with a non-exportable key. The way this works will be similar to the JWTCryptoProvider implementation you referenced. We will probably contribute this feature to the codebase, but I cannot give an ETA yet.

DhiaSlm commented 1 year ago

@markuskreusch Alright, thank you for the info. We should also contribute this feature on our side soon, so it would be great if you could review it later on. Once a PR is created, we will add you to the review.
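
One way the pluggable signer discussed in this thread can look, as an added example that is not code from sd-jwt-kotlin or waltid. `JwsSigner`, `KeyStoreEs256Signer`, `derToConcat` and `signCompact` are hypothetical names, ES256 is an assumed algorithm, and the demo key is generated in memory where a real caller would pass a `PrivateKey` handle obtained from its key store.

```kotlin
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.Signature
import java.security.spec.ECGenParameterSpec
import java.util.Base64

// Hypothetical interface: the caller hands over the JWS signing input and
// gets back raw signature bytes, so the library never touches key material.
fun interface JwsSigner { fun sign(signingInput: ByteArray): ByteArray }

// ES256 signer holding only a JCA PrivateKey handle; the key itself can stay
// inside the key store provider that performs the signing operation.
class KeyStoreEs256Signer(private val key: PrivateKey) : JwsSigner {
    override fun sign(signingInput: ByteArray): ByteArray {
        val ecdsa = Signature.getInstance("SHA256withECDSA")
        ecdsa.initSign(key)
        ecdsa.update(signingInput)
        return derToConcat(ecdsa.sign(), 32)
    }
}

// JCA emits DER SEQUENCE { INTEGER r, INTEGER s }; JWS ES256 (RFC 7518,
// section 3.4) requires fixed-width big-endian R || S instead.
fun derToConcat(der: ByteArray, size: Int): ByteArray {
    require(der[0] == 0x30.toByte() && der[1] >= 0) { "unexpected DER signature" }
    val out = ByteArray(size * 2)
    var pos = 2
    for (part in 0..1) {
        require(der[pos] == 0x02.toByte()) { "expected INTEGER" }
        val len = der[pos + 1].toInt()
        val value = der.copyOfRange(pos + 2, pos + 2 + len).dropWhile { it == 0.toByte() }
        require(value.size <= size) { "integer too large for curve" }
        value.forEachIndexed { k, b -> out[(part + 1) * size - value.size + k] = b }
        pos += 2 + len
    }
    return out
}

// Builds the compact JWS; the signer sees only the ASCII signing input.
fun signCompact(headerJson: String, payloadJson: String, signer: JwsSigner): String {
    val b64 = Base64.getUrlEncoder().withoutPadding()
    val input = b64.encodeToString(headerJson.toByteArray()) + "." + b64.encodeToString(payloadJson.toByteArray())
    return input + "." + b64.encodeToString(signer.sign(input.toByteArray()))
}

fun main() {
    // Constructed demo key; a real caller would obtain the handle from KeyStore.getKey(alias, ...)
    val pair = KeyPairGenerator.getInstance("EC").apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()
    println(signCompact("""{"alg":"ES256"}""", """{"iss":"https://issuer.example"}""", KeyStoreEs256Signer(pair.private)))
}
```

The DER-to-`R || S` conversion is the step most often missed when moving signing behind a key store: a JWS verifier rejects the DER form that `SHA256withECDSA` returns.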