Fix: Handle errors in Key interface

[asraa]

The key interface does not support error handling on the following points: MarshalPublicKey(), Public(), PublicData()

https://github.com/theupdateframework/go-tuf/blob/ebbc6b8d12d861335a3fc6e7fd8c69a53acaa1e6/pkg/keys/keys.go#L33

In case someone creates a key without unmarshalling first, we should handle these errors.

[asraa]

Some more details:

Currently, we use those functions after we create a verifier in functionality like keys.GetVerifier or a signer through keys.GetSigner

https://github.com/theupdateframework/go-tuf/blob/355e39cb2df220fc3961396a6d0e30bcf2c9ac12/pkg/keys/keys.go#L57-L69

So as long as they're verified during UnmarshalPublicKey or UnmarshalPrivateKey (which now they are), then we will always have a "well-formed" enough public key to Marshal or get the PublicData() from.

In case someone accidentally corrupts those keys in the key store or TUF metadata, then we would return errors like tuf: error unmarshalling key: on loading them in as Verifier or Signer.

So worst case, yes, the key becomes un-usable on load.

That being said, it would always be good practice to re-validate the keys upon marshalling even if they were loaded in a good state, just in case. (for the issue)

[dibrinsofor]

can I take this up? @asraa

Just to confirm, we just want to ensure that keys are unmarshalled before they are returned?

[rdimitrov]

Closing since the code base changed and this is no longer valid.

Thanks for raising this 👍