Signing functions in the signature and x509 modules often take PrivateKey parameters, using them in a software implementation of the signature protocol. This is an issue because it's common for signing to only be possible via some external method (think smart cards, TPMs, HSMs, SGX enclaves etc); these services try to mitigate the risk of secret key leakage by binding keys to a piece of hardware, providing an interface only for signing and not for private key extraction. It would be nice if picky supported these sorts of external signing methods as well.
For reference, Sequoia seems to do this pretty well: there is a Signer trait that is accepted by functions like SignatureBuilder::sign_hash.
(I realise that this sort of thing might entail significant API churn for which there's not likely to be much appetite; it'd be a nice feature for v8.0, though!)
Signing functions in the
signatureandx509modules often takePrivateKeyparameters, using them in a software implementation of the signature protocol. This is an issue because it's common for signing to only be possible via some external method (think smart cards, TPMs, HSMs, SGX enclaves etc); these services try to mitigate the risk of secret key leakage by binding keys to a piece of hardware, providing an interface only for signing and not for private key extraction. It would be nice if picky supported these sorts of external signing methods as well.For reference, Sequoia seems to do this pretty well: there is a
Signertrait that is accepted by functions likeSignatureBuilder::sign_hash.(I realise that this sort of thing might entail significant API churn for which there's not likely to be much appetite; it'd be a nice feature for v8.0, though!)