Currently, the Signer interface does not prescribe the internal data structure of a signer implementation. This is because a signer is responsible for one thing only -- signing, and can be completely decoupled from private key data, and mostly decoupled from public key data.
The latter actually is part of the interface method from_priv_key_uri, which is the canonical way of loading signers, and is usually based on information from the public key (e.g. keytype/scheme).
While signers don't necessarily require the full public key object once loaded, all current implementations 1 do cache and use it for signing, usually to dispatch on scheme, and assign keyid to the resulting signature.
If we add the de-facto interface field public_key: Key indeed to the interface, signers could also be used to verify their signatures, for which use cases exist 2.
The alternative to this proposed change would be to introduce a container format for "signer, public key"-tuples. Although, this seems unnecessary, if most signer already contain the public key.
Currently, the Signer interface does not prescribe the internal data structure of a signer implementation. This is because a signer is responsible for one thing only -- signing, and can be completely decoupled from private key data, and mostly decoupled from public key data.
The latter actually is part of the interface method
from_priv_key_uri, which is the canonical way of loading signers, and is usually based on information from the public key (e.g. keytype/scheme).While signers don't necessarily require the full public key object once loaded, all current implementations 1 do cache and use it for signing, usually to dispatch on scheme, and assign keyid to the resulting signature.
If we add the de-facto interface field
public_key: Keyindeed to the interface, signers could also be used to verify their signatures, for which use cases exist 2.The alternative to this proposed change would be to introduce a container format for "signer, public key"-tuples. Although, this seems unnecessary, if most signer already contain the public key.
Footnotes
With the exception of
SSlibSigner, which could easily provide an alias forpublic_keyusing the internal data structure, and might even become obsolete (see Add replacement API for '*keys' and 'interface' key generation and import #604) ↩runlib.in_toto_record_stopneeds to verify preliminary link metadata, and then re-sign it. ↩