Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Support for external signers #202

Open
Bob131 opened this issue Jan 29, 2023 · 0 comments
Open

[RFE] Support for external signers #202

Bob131 opened this issue Jan 29, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@Bob131
Copy link

Bob131 commented Jan 29, 2023

Signing functions in the signature and x509 modules often take PrivateKey parameters, using them in a software implementation of the signature protocol. This is an issue because it's common for signing to only be possible via some external method (think smart cards, TPMs, HSMs, SGX enclaves etc); these services try to mitigate the risk of secret key leakage by binding keys to a piece of hardware, providing an interface only for signing and not for private key extraction. It would be nice if picky supported these sorts of external signing methods as well.

For reference, Sequoia seems to do this pretty well: there is a Signer trait that is accepted by functions like SignatureBuilder::sign_hash.

(I realise that this sort of thing might entail significant API churn for which there's not likely to be much appetite; it'd be a nice feature for v8.0, though!)
@CBenoit CBenoit added the enhancement New feature or request label Mar 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CBenoit @Bob131