Denis Kenzior <denk...@gmail.com> wrote:

> > Yes. It shouldn't be much code, either. You still have to check for X.509
> > DER since the kernel currently supports that.
>
> For reasons of backward compatibility, correct? The kernel also has
> mscode.asn1 which we would need to support as well. Since we can't break
> compatibility then perhaps this doesn't buy us a whole lot in the end.

Don't worry about mscode - that's not an asymmetric key parser. That's only ever used directly from verify_pefile_signature().

Currently, we have to retain support for DER-encoded X.509. But there's no reason we can't have a PEM parser that decodes the PEM and selects X.509, PKCS#8 or TPM based on the ascii header in that. PKCS#8 and TPM don't need to take DER directly.

David
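
The header-based selection described in the message above, as an added example in userspace C that is not part of the original post and is not kernel code. The names `select_key_parser` and `enum key_fmt` are hypothetical; `CERTIFICATE` and `PRIVATE KEY` are the RFC 7468 labels, and the TPM label is an assumption, since the message does not name one.

```c
#include <stddef.h>
#include <string.h>

enum key_fmt { FMT_UNKNOWN, FMT_X509, FMT_PKCS8, FMT_TPM };

/* Label -> parser table. "CERTIFICATE" and "PRIVATE KEY" are the RFC 7468
 * labels; the TPM label is an assumption, the message does not name one. */
static const struct { const char *label; enum key_fmt fmt; } pem_labels[] = {
	{ "CERTIFICATE",      FMT_X509  },
	{ "PRIVATE KEY",      FMT_PKCS8 },
	{ "TSS2 PRIVATE KEY", FMT_TPM   },
};

/* Hypothetical helper: choose a parser for a key blob. */
enum key_fmt select_key_parser(const unsigned char *data, size_t len)
{
	static const char begin[] = "-----BEGIN ";
	const size_t blen = sizeof(begin) - 1;
	const unsigned char *label, *end;
	size_t i, llen;

	if (len < 2)
		return FMT_UNKNOWN;
	if (len < blen || memcmp(data, begin, blen) != 0)
		/* Not PEM: raw DER is routed to the X.509 parser only.
		 * DER PKCS#8 also starts with 0x30, but is never handed to
		 * a PKCS#8 parser here; the X.509 parser must reject it. */
		return data[0] == 0x30 ? FMT_X509 : FMT_UNKNOWN;

	/* The label runs up to the closing "-----" on the first line. */
	label = data + blen;
	end = memchr(label, '\n', len - blen);
	llen = end ? (size_t)(end - label) : len - blen;
	if (llen && label[llen - 1] == '\r')
		llen--;
	if (llen < 5 || memcmp(label + llen - 5, "-----", 5) != 0)
		return FMT_UNKNOWN;
	llen -= 5;

	for (i = 0; i < sizeof(pem_labels) / sizeof(pem_labels[0]); i++)
		if (strlen(pem_labels[i].label) == llen &&
		    memcmp(label, pem_labels[i].label, llen) == 0)
			return pem_labels[i].fmt;
	return FMT_UNKNOWN;	/* unknown label: refuse, do not guess */
}
```

The function only selects a parser; base64 decoding of the PEM body and validation of the matching END line would happen before the selected parser sees the DER payload.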