Skip to content

Custom private key #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 29 commits into
base: main
Choose a base branch
from
Open

Custom private key #282

wants to merge 29 commits into from

Conversation

@Juice805
Copy link

@Juice805 Juice805 commented Nov 10, 2025

Motivation:

In some cases a developer may want to sign a certificate using a method other than a private key. For example: if a private key is protected by hardware which signs asynchronously.

Modifications:

  • Create CustomPrivateKey protocol
  • Create async initializers for Certificate and CertificateSigningRequest.
  • CustomPrivateKey can now back aCertificate.PrivateKey
  • Make Certificate.Signature initializer public

Result:

Developers can now sign a certificate with greater flexibility.

Alternatives Considered:

Implementations

Pass the CustomPrivateKey into Certificate and CertificateSigningRequest initializers directly.

There is concern this could add too duplication of api.

Various names for the protocol:

  • Certificate.PrivateKeyProtocol and Certificate.AsyncPrivateKeyProtocol
  • Certificate.Signer/Certificate.AsyncSigner
  • Certificate.SignatureProvider/Certificate.AsyncSignatureProvider

Juice805 and others added 29 commits November 10, 2025 14:48
@Juice805
Certificate.Signer
7ada70d
@Juice805
AsyncSigner
fc55fb1
@Juice805
use some instead of any
418294d
@Juice805
public signature init
32ccb78
@Juice805
Add CSR initializers
e8c95ad
@Juice805
Signer → SignatureProvider
5054744
@Juice805
Certificate.SignatureProvider → Certificate.PrivateKeyProtocol
b344fd4
@Juice805
Fix CSR inits
2623976
@Juice805
formatting
f4eea46
@Juice805
rename file to match protocol name
d4db0e6
@Juice805
adopt Hashable
3797b50
@Juice805
Move protocols to root level
7265cfc 
Rename to CustomPrivateKey
@Juice805
Drop PrivateKey protocol conformance
5a1fec4
@Juice805
Rename file to match
0807f83
@Juice805
Merge CustomPrivateKey protocols
3dc6e3b
@Juice805
CustomPrivateKey backs Certificate.PrivateKey
939f1f9
@Juice805
signSynchronously
0df7335
@Juice805
require PEMSerializable adoption
2f2bb60
@Juice805 @Lukasa
Update Sources/X509/CustomPrivateKey.swift
bdaa274 
Co-authored-by: Cory Benfield <cbenfield@apple.com>
@Juice805
explicit self
d5aee23
@Juice805
always import import SwiftASN1 for CustomPrivateKey
327fd88
@Juice805
differentiate async and sync intializers
6269c6d
@Juice805
Update docs to match new arg names
0bb57aa
@Juice805
Make signAsynchronously default implementation
b9e729a
@Juice805
Async method bytes must be sendable
84da6ba
@Juice805
an initializer would be a good idea
ee0f956
@Juice805
CustomPrivateKeyTests
64c9352
@Juice805
verify defaultSignatureAlgorithm is forwarded properly
ec20d98
@Juice805
switch to swift-testing for new tests
8a254cd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Juice805