
Add API to export public key

Open shahn opened this issue 5 years ago • 7 comments

This is a PR just to show what an API giving access to a certificate's public key could look like, as input for #85. It also depends on #86 getting merged for the test case, but I would be open to rebase this if #86 is unacceptable for any reason, of course.

Thanks!

Jan 13 '19 08:01 shahn

Will probably take me until the weekend to address these (will also wait for #86 to be settled)

Jan 17 '19 05:01 shahn

Pushed a new version, I hope I understood the direction you want to go into. A maybe nicer alternative could be provided if the TrustAnchor::spki field could be split into the parsed fields (but that would be a breaking change), then we'd only parse the spki fields once when the Cert is created.

Jan 19 '19 20:01 shahn

Respectful ping, is there anything left unaddressed here? Sorry, I am not well versed in how to resolve the requested changes correctly in GitHub. I will gladly make any change still deemed necessary.

Thanks!

Jan 26 '19 19:01 hahseba

@shahn Are you still interested in this? If so, please reply to https://github.com/briansmith/webpki/pull/87#discussion_r259547139 so we can figure out a path forward.

Mar 22 '19 21:03 briansmith

Yes, I am still very interested in this, just pretty overloaded with work tasks atm and the question is a bit tricky. I hope to get to it soon.

Mar 23 '19 08:03 hahseba

Note: I renamed the "master" branch to "main". Sorry for the inconvenience. This PR has had its base branch updated to "main" but you'll need to deal with the change in your local repo yourself.

Jan 14 '21 01:01 briansmith

I wanted to pick this back up, but there's one catch with the idea of pre-parsing the SPKI. It would be a change of public API of TrustAnchor to store the SPKI in that format, and those who manually construct a TrustAnchor just from serialized bytes would be affected. Should the public API be preserved, or should it be adapted? One more question would be how to easily serialize it in a build script, for example. To me it seems that the philosophy is very much of parsing/validating most parts as late as possible, which clashes with the ideas around SPKI handling.

Feb 28 '24 00:02 shahn