Currently, Identity is given a PKCS#12 or PKCS#8 blob. This does not encompass several use cases, including smartcards, whose private key is non-exportable. In order to fix this, Identity should be changed to be a factory that returns an imp::Identity.
Basic factories on Windows would be:
A factory that prompts a user for a key using Windows' built-in method for doing so (I believe the relevant function would be CryptUIDlgSelectCertificateFromStore).
A similar factory that remembers your choice for the process duration.
I expect MacOS has a similar system for prompting the user to choose a cert. I don't know if Linux does, but factories should still be applicable there.
The one use case this wouldn't support is choosing an identity based on what identities the server says it will accept, but that extension should be doable.
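A sketch of the two factories proposed above, added here as an illustration and not taken from the project's code. `IdentityFactory`, `PromptFactory`, `Remembering` and the fields of `Identity` are hypothetical names; the prompt is simulated rather than calling any OS dialog, and the identity is modelled as an opaque key handle so that a non-exportable smartcard key fits the same type.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::OnceLock;

// Hypothetical stand-in for the proposed `imp::Identity`: it carries a handle
// to the key, never key bytes, so a non-exportable key can be represented.
#[derive(Clone, Debug, PartialEq)]
pub struct Identity { pub cert_label: String, pub key_handle: u64 }

// Hypothetical factory trait: asked for an identity each time one is needed.
pub trait IdentityFactory {
    fn identity(&self) -> Result<Identity, String>;
}

// Simulated prompting factory (constructed; no real certificate dialog).
// `choice: None` models the user cancelling the prompt.
pub struct PromptFactory { pub prompts: AtomicUsize, pub choice: Option<Identity> }

impl IdentityFactory for PromptFactory {
    fn identity(&self) -> Result<Identity, String> {
        self.prompts.fetch_add(1, Ordering::SeqCst);
        self.choice.clone().ok_or_else(|| "user cancelled".to_string())
    }
}

// Wrapper that remembers the first successful choice for the process duration.
pub struct Remembering<F> { inner: F, cached: OnceLock<Identity> }

impl<F: IdentityFactory> Remembering<F> {
    pub fn new(inner: F) -> Self { Self { inner, cached: OnceLock::new() } }
    pub fn inner(&self) -> &F { &self.inner }
}

impl<F: IdentityFactory> IdentityFactory for Remembering<F> {
    fn identity(&self) -> Result<Identity, String> {
        if let Some(id) = self.cached.get() { return Ok(id.clone()); }
        // A cancelled prompt is returned as an error and not cached,
        // so the next call asks again instead of failing forever.
        let id = self.inner.identity()?;
        // If two threads race here, the first stored choice wins for both.
        Ok(self.cached.get_or_init(|| id).clone())
    }
}

fn main() {
    let id = Identity { cert_label: "constructed-cert".into(), key_handle: 1 };
    let f = Remembering::new(PromptFactory { prompts: AtomicUsize::new(0), choice: Some(id) });
    for _ in 0..3 { f.identity().unwrap(); }
    println!("lookups: 3, prompts: {}", f.inner().prompts.load(Ordering::SeqCst));
}
```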