feat: support for key/certificate types RSA, Ed25519, ECDSA

This also automatically derives key type and certificate signature algorithm when possible. Option to select signature algorithm and key type should only be passed usually when generating new CA or key. Key/cert types: * default - Ed25519 * `x509.RSA(true)` - RSA * `x509.ECDSA(true)` - ECDSA Signed-off-by: Andrey Smirnov <[email protected]>
siderolabs · Feb 2, 2021 · 39584f1 · 39584f1
1 parent cf75519
commit 39584f1
Show file tree

Hide file tree

Showing 3 changed files with 406 additions and 99 deletions.
diff --git a/x509/constants.go b/x509/constants.go
@@ -8,3 +8,16 @@ import "time"
 
 // DefaultCertificateValidityDuration is a default certificate lifetime.
 const DefaultCertificateValidityDuration = 24 * time.Hour
+
+// PEM Block Header Types.
+const (
+	PEMTypeRSAPrivate     = "RSA PRIVATE KEY"
+	PEMTypeRSAPublic      = "PUBLIC KEY"
+	PEMTypeECPrivate      = "EC PRIVATE KEY"
+	PEMTypeECPublic       = "EC PUBLIC KEY"
+	PEMTypeEd25519Private = "ED25519 PRIVATE KEY"
+	PEMTypeEd25519Public  = "ED25519 PUBLIC KEY"
+
+	PEMTypeCertificate        = "CERTIFICATE"
+	PEMTypeCertificateRequest = "CERTIFICATE REQUEST"
+)