Closed adityasaky closed 8 months ago
There is still a minor inconsistency in the test key file formats. That is, rsa-test-key is in PKCS1 format, whereas the other private keys are PKCS8. Since your deserialization code supports both, it's not an issue, I just wanted to point it out.
I added a PKCS8 encoded key file for the same key, and it's tested too.
The newer python-securesystemslib implementation separates private key objects (Signer) and public key objects (Key). This also means that it no longer stores private key data in a serialized format together with the public key, but uses whatever format makes sense for the signing provider (e.g. an RSA private key is stored as a pyca/cryptography RSAPrivateKey object).
The plan for go-securesystemslib is to provide something similar to python-securesystemslib. With this PR, the flow is to go from LoadKey to NewSignerVerifier to get a signer instance for the private key. We can refactor (separately) signer creation to directly use the private key bytes and limit LoadKey to public keys for use in metadata, which should be similar to the python-securesystemslib flow.
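The two points above (a loader that accepts both PKCS#1 and PKCS#8 encodings of the same RSA key, and keeping the private-key signer separate from the public-key verifier) can be shown end to end in plain Go. The following is an added example written for this thread, not go-securesystemslib's own code: `loadRSAPrivateKey`, `newSignerVerifier`, `rsaSigner`, `rsaVerifier`, `encodeBoth` and `roundTrip` are hypothetical names modelled on the LoadKey / NewSignerVerifier flow, and the choice of RSA-PSS over SHA-256 is an assumption of the example rather than the library's scheme.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// loadRSAPrivateKey accepts either a PKCS#1 ("RSA PRIVATE KEY") or a
// PKCS#8 ("PRIVATE KEY") PEM block and returns the parsed RSA key.
// Hypothetical helper for this example; not go-securesystemslib's LoadKey.
func loadRSAPrivateKey(pemBytes []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS#1, as in rsa-test-key
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8, as in the other test keys
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		rsaKey, ok := k.(*rsa.PrivateKey)
		if !ok {
			// PKCS#8 can wrap other algorithms; refuse anything that is not RSA.
			return nil, fmt.Errorf("PKCS#8 key is %T, not RSA", k)
		}
		return rsaKey, nil
	default:
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
}

// rsaSigner holds only private material; rsaVerifier holds only the public
// half, mirroring the Signer / Key split described for python-securesystemslib.
type rsaSigner struct{ key *rsa.PrivateKey }
type rsaVerifier struct{ pub *rsa.PublicKey }

// Sign produces an RSA-PSS signature over SHA-256(msg) (scheme assumed here).
func (s rsaSigner) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, s.key, crypto.SHA256, digest[:], nil)
}

// Verify checks an RSA-PSS signature using only the public key.
func (v rsaVerifier) Verify(msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(v.pub, crypto.SHA256, digest[:], sig, nil)
}

// newSignerVerifier splits one loaded private key into the two halves.
// Hypothetical stand-in for the NewSignerVerifier step in the PR.
func newSignerVerifier(key *rsa.PrivateKey) (rsaSigner, rsaVerifier) {
	return rsaSigner{key: key}, rsaVerifier{pub: &key.PublicKey}
}

// encodeBoth returns the same key in PKCS#1 and PKCS#8 PEM encodings.
func encodeBoth(key *rsa.PrivateKey) (pkcs1, pkcs8 []byte, err error) {
	pkcs1 = pem.EncodeToMemory(&pem.Block{
		Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	pkcs8 = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	return pkcs1, pkcs8, nil
}

// roundTrip generates a constructed key, loads it from both encodings, signs
// with the key read from PKCS#1 and verifies with the public half of the key
// read from PKCS#8. Returns true when both decodings agree and a tampered
// message is rejected.
func roundTrip() (bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	pkcs1, pkcs8, err := encodeBoth(key)
	if err != nil {
		return false, err
	}
	fromPKCS1, err := loadRSAPrivateKey(pkcs1)
	if err != nil {
		return false, err
	}
	fromPKCS8, err := loadRSAPrivateKey(pkcs8)
	if err != nil {
		return false, err
	}
	if !fromPKCS1.Equal(fromPKCS8) {
		return false, errors.New("PKCS#1 and PKCS#8 decodings disagree")
	}
	signer, _ := newSignerVerifier(fromPKCS1)
	_, verifier := newSignerVerifier(fromPKCS8)
	msg := []byte("constructed sample metadata") // constructed input
	sig, err := signer.Sign(msg)
	if err != nil {
		return false, err
	}
	if err := verifier.Verify(msg, sig); err != nil {
		return false, err
	}
	if err := verifier.Verify(append(msg, '!'), sig); err == nil {
		return false, errors.New("tampered message verified")
	}
	return true, nil
}

func main() {
	ok, err := roundTrip()
	fmt.Println("round trip ok:", ok, "err:", err)
}
```

Two details worth keeping when the real loader is refactored: the PKCS#8 branch must type-assert the result, because `x509.ParsePKCS8PrivateKey` can return ECDSA or Ed25519 keys as well, and the verifier is built from `&key.PublicKey` alone, so metadata only ever needs the public half.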
Submitting #67 for merge into main.