API for loading and managing keys from files

[adityasaky]

go-tuf doesn't currently provide an API to load existing keys from files. It'd be great to be able to load keys from files into their data.PrivateKey or data.PublicKey representations.

[udf2457]

Yes, for people who use PKCS#11 (e.g. Yubikey) or cloud HSM (e.g AWS KSM or Azure KV) it would be very useful to be able to:

1. Load pubkey representations (i.e. provide pem file and it gets parsed into the correct format)
2. Load external signatures (I.e. provide hex string which gets parsed into correct format)

[asraa]

+1, we currently handwrite the data.PublicKey conversions for the HSMs we use.

I agree that loading a PEM file or other pubkey representaitons into a public key would be great to start.

[udf2457]

For signatures, a good reference point would be to support the --signature-format output options from pkcs11-tool seeing as pkcs11-tool is a widely used reference implemenation:

--signature-format format
Format for ECDSA signature: 'rs' (default), 'sequence', 'openssl'.

[trishankatdatadog]

This should be a go-securesystemslib issue IMHO

[rdimitrov]

Closing since the code base changed and this is now fixed.

Thanks for raising this 👍