Skip to content

Custom private key #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Juice805 wants to merge 35 commits into
base: main
Choose a base branch
from
Open

Custom private key #282

Juice805 wants to merge 35 commits into from

Conversation

@Juice805
Copy link

@Juice805 Juice805 commented Nov 10, 2025
edited
Loading

Motivation:

In some cases a developer may want to sign a certificate using a method other than a private key. For example: if a private key is protected by hardware which signs asynchronously.

Modifications:

  • Create CustomPrivateKey protocol
  • Create async initializers for Certificate and CertificateSigningRequest.
  • CustomPrivateKey can now back aCertificate.PrivateKey
  • Make Certificate.Signature initializer public

Result:

Developers can now sign a certificate with greater flexibility.

Alternatives Considered:

Implementations

Pass the CustomPrivateKey into Certificate and CertificateSigningRequest initializers directly.

There is concern this could add too much duplication of api.

Various names for the protocol:

  • Certificate.PrivateKeyProtocol and Certificate.AsyncPrivateKeyProtocol
  • Certificate.Signer/Certificate.AsyncSigner
  • Certificate.SignatureProvider/Certificate.AsyncSignatureProvider

Juice805 and others added 29 commits November 10, 2025 14:48
@Juice805
Certificate.Signer
7ada70d
@Juice805
AsyncSigner
fc55fb1
@Juice805
use some instead of any
418294d
@Juice805
public signature init
32ccb78
@Juice805
Add CSR initializers
e8c95ad
@Juice805
Signer → SignatureProvider
5054744
@Juice805
Certificate.SignatureProvider → Certificate.PrivateKeyProtocol
b344fd4
@Juice805
Fix CSR inits
2623976
@Juice805
formatting
f4eea46
@Juice805
rename file to match protocol name
d4db0e6
@Juice805
adopt Hashable
3797b50
@Juice805
Move protocols to root level
7265cfc 
Rename to CustomPrivateKey
@Juice805
Drop PrivateKey protocol conformance
5a1fec4
@Juice805
Rename file to match
0807f83
@Juice805
Merge CustomPrivateKey protocols
3dc6e3b
@Juice805
CustomPrivateKey backs Certificate.PrivateKey
939f1f9
@Juice805
signSynchronously
0df7335
@Juice805
require PEMSerializable adoption
2f2bb60
@Juice805 @Lukasa
Update Sources/X509/CustomPrivateKey.swift
bdaa274 
Co-authored-by: Cory Benfield <cbenfield@apple.com>
@Juice805
explicit self
d5aee23
@Juice805
always import import SwiftASN1 for CustomPrivateKey
327fd88
@Juice805
differentiate async and sync intializers
6269c6d
@Juice805
Update docs to match new arg names
0bb57aa
@Juice805
Make signAsynchronously default implementation
b9e729a
@Juice805
Async method bytes must be sendable
84da6ba
@Juice805
an initializer would be a good idea
ee0f956
@Juice805
CustomPrivateKeyTests
64c9352
@Juice805
verify defaultSignatureAlgorithm is forwarded properly
ec20d98
@Juice805
switch to swift-testing for new tests
8a254cd
@Lukasa Lukasa added the 🆕 semver/minor Adds new public API. label Dec 12, 2025
Lukasa
Lukasa reviewed Dec 12, 2025
View reviewed changes
@Juice805
Add missing @Test macros
b1faac8 
Motivation:

The new tests should be run

Modifications:

The new tests are missing the `@Test` macros

Result:

The new tests will have the `@Test` macros
@Juice805
Remove @inlinable from protocol definition
048e7b4 
Motivation:

Code should be clean

Modifications:

Removed `@inlinable` from protocol definition

Result:

protocol will not have `@inlinable`
@Juice805
add @inlinable to default signAsynchronously implementation
405c8e5 
Motivation:

Default implementation of signAsynchronously should be inlinable

Modifications:

adds `@inlinable` to default signAsynchronously implementation.

Result:

default signAsynchronously implementation will be `@inlinable`
@Juice805
Add note regarding signAsynchronously
4d583ad 
Motivation:

`signAsynchronously` should not it is not mandatory to implement

Modifications:

Updated documentation

Result:

`signAsynchronously` has better docs
dnadoba
dnadoba reviewed Dec 12, 2025
View reviewed changes
Sources/X509/CustomPrivateKey.swift
/// preference or security of the contained algorithms.
var supportedSignatureAlgorithms: [Certificate.SignatureAlgorithm] { get }

/// Use the private key to sign the provided bytes with a given signature algorithm.
Copy link
Member

@dnadoba dnadoba Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is an async only private key supposed to implement this function? Should it throw or block instead?
Should this be separate protocols for async and sync keys?

some documentation/guidance for conforming types and callers of this function would be good.

Copy link
Author

@Juice805 Juice805 Dec 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was my original implementation. I believe the concern was it could lead to too much api duplication.

I will add documentation to guide the developer to throw an error in the case of unsupported synchronous signing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lukasa Lukasa Lukasa left review comments

@dnadoba dnadoba dnadoba left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🆕 semver/minor Adds new public API.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Juice805 @Lukasa @dnadoba