Add new Certificate.PrivateKey init from PKCS8 DER bytes
#248
Conversation
| @available(macOS 11.0, iOS 14, tvOS 14, watchOS 7, macCatalyst 14, visionOS 1.0, *) | ||
| extension Certificate.PrivateKey { | ||
| /// Initialize a new certificate private key from PKCS8-format DER bytes. | ||
| public init(pkcs8DERBytes: [UInt8]) throws { |
There was a problem hiding this comment.
I'm sort-of thinking that this should be public init(derBytes:). We'd be willing to detect what the right answer was if we had to, but I think we mostly don't have to.
There was a problem hiding this comment.
Yeah I flip-flopped a bit on this since being unspecific about the format lets us evolve the API better. However it is a reality that right now we only understand PKCS8 in DER. Should I still mention this in the docs but change the argument label?
There was a problem hiding this comment.
Can we detect different representation just based on the DER representation reliably?
I don't recall the details but I thought there was a good reason why we switch over the pem discriminator instead of just looking at the bytes.
There was a problem hiding this comment.
Yeah, we can't detect it reliably, but that's ok: it's what PKCS#8 is for. I suspect we'll only ever support the PKCS#8 format here, and that's fine.
| @available(macOS 11.0, iOS 14, tvOS 14, watchOS 7, macCatalyst 14, visionOS 1.0, *) | ||
| extension Certificate.PrivateKey { | ||
| /// Initialize a new certificate private key from PKCS8-format DER bytes. | ||
| public init(pkcs8DERBytes: [UInt8]) throws { |
There was a problem hiding this comment.
Let's also add at least one unit test that uses this constructor directly, ideally one per algorithm.
gjcairo
force-pushed
the
der-private-key
branch
from
415098e to
7a8b9d4
Compare
gjcairo
force-pushed
the
der-private-key
branch
from
7a8b9d4 to
24b1878
Compare
This PR adds a new
init(derBytes:)to initialise a private key in PKCS8 format from an array of DER bytes.