The privatekey package is used from two locations:
- cmd/admin/ uses it to load compromised keys which are about to be blocked
- issuance/ uses it to load CA keys from files on disk (intended to be test-only, since production keys live on HSMs)
These two callers have very different needs. In particular, while it might make sense to sign a nil message to verify that the loaded key actually functions as a private key when that key is already compromised and about to be blocked... it does not make sense to do so when the loaded key is intended to be a (test) CA key.
We should split the privatekey package's code into its two calling locations, and ensure that potentially dangerous functionality like "sign a nil message" is not exposed as a general purpose package by deleting the privatekey package.
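One way to give the CA-key caller a sanity check that does not involve signing anything: compare the loaded private key's public half against the public key the caller already expects (for a test CA, the key in its certificate). The block below is an added illustration, not Boulder's privatekey or issuance code; it assumes the key on disk is a PKCS#8 "PRIVATE KEY" PEM block and generates a throwaway P-256 key inline as a stand-in for a test CA key file.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// loadSigner parses a PKCS#8 "PRIVATE KEY" PEM block into a crypto.Signer.
// It only parses; it never calls Sign, so checking a loaded CA key cannot
// produce a stray signature as a side effect.
func loadSigner(pemBytes []byte) (crypto.Signer, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "PRIVATE KEY" {
		return nil, errors.New("no PRIVATE KEY PEM block found")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("parsing PKCS#8 key: %w", err)
	}
	signer, ok := key.(crypto.Signer)
	if !ok {
		return nil, errors.New("parsed key does not implement crypto.Signer")
	}
	return signer, nil
}

// checkAgainstPublic confirms the loaded private key corresponds to the
// public key the caller expects (e.g. the one in the CA certificate),
// using the key type's Equal method instead of a trial signature.
func checkAgainstPublic(signer crypto.Signer, expected crypto.PublicKey) error {
	pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		return errors.New("public key type has no Equal method")
	}
	if !pub.Equal(expected) {
		return errors.New("private key does not match the expected public key")
	}
	return nil
}

// newTestKeyPEM constructs a throwaway P-256 key for this example
// (a stand-in for a test CA key on disk) and returns it PEM-encoded.
func newTestKeyPEM() ([]byte, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	return pemBytes, &priv.PublicKey, nil
}

// demo exercises both outcomes: a key checked against its own public key
// passes (matchErr == nil), and the same key checked against an unrelated
// public key is rejected (mismatchErr != nil).
func demo() (matchErr, mismatchErr error) {
	pemA, pubA, err := newTestKeyPEM()
	if err != nil {
		return err, err
	}
	_, pubB, err := newTestKeyPEM()
	if err != nil {
		return err, err
	}
	signer, err := loadSigner(pemA)
	if err != nil {
		return err, err
	}
	return checkAgainstPublic(signer, pubA), checkAgainstPublic(signer, pubB)
}

func main() {
	matchErr, mismatchErr := demo()
	fmt.Println("matching key:", matchErr)
	fmt.Println("wrong public key:", mismatchErr)
}
```

The admin tool that blocks a compromised key can keep whatever proof-of-possession step it needs in its own package; the point of the split is that the issuance side only ever gets the non-signing check above.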