On Sun, Nov 20, 2022 at 02:12:34PM -0600, Nico Williams wrote:
> > Generally, I would expect d2i_... to automatically detect the algorithm
> > when tagged with a suitable OID, and so d2i_AutoPrivateKey() could
> > often work, but if you know the expected key type, you can ask for
> > that explici
On Thu, Oct 06, 2022 at 05:09:21PM +, John Gray wrote:
> For a use case like an HSM or TPM where private keys can never leave
> rules out option 1 (plus who wants to send their private key anyway
> unless it is for server backup or escrow purposes). Option 3 would
> work but is bad for CT log