Waarp Gateway, issue #252
Closed
Open
Issue created Apr 09, 2021 by Paolo Pantellini (@paolo.pantellini, Maintainer)

Reorganize the storage and handling of certificates

  1. Before being inserted in the database, no matter the format in which it was given, a certificate should be parsed into tls.Certificate so that it can be validated. SSH public/private keys should be parsed into ssh.PublicKey/ssh.Signer.

  2. Since they are now parsed before insertion, certificates should now be stored in ASN.1 format (instead of whatever format the user gave). Not only would it be more consistent, but this would also remove the need to decode them after retrieving them from the database. If possible, the certification chain should be stored alongside the certificate.

  3. A new 'signature' column should be added to the 'certificates' table. When inserting a certificate in the database, a signature of the certificate should be computed and then stored in that new column. This will allow the gateway to retrieve a certificate from the database by using its signature.

Edited Apr 09, 2021 by Paolo Pantellini
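The three steps proposed above, sketched for X.509 certificates only, as an added example that is not Waarp Gateway's code. `Normalize` and `SampleDER` are hypothetical names, and the "signature" is assumed here to be a hex SHA-256 digest of the leaf certificate's DER bytes; SSH keys are left out because parsing them needs `golang.org/x/crypto/ssh`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Normalize (hypothetical) accepts PEM or raw DER, rejects anything that does not
// parse, and returns the DER chain (leaf first) plus the assumed lookup signature.
func Normalize(input []byte) (chain [][]byte, signature string, err error) {
	for block, rest := pem.Decode(input); block != nil; block, rest = pem.Decode(rest) {
		if block.Type == "CERTIFICATE" {
			chain = append(chain, block.Bytes)
		}
	}
	if len(chain) == 0 {
		chain = [][]byte{input} // no PEM certificate blocks: treat input as raw DER
	}
	for i, der := range chain {
		if _, err := x509.ParseCertificate(der); err != nil {
			return nil, "", fmt.Errorf("certificate %d rejected: %w", i, err)
		}
	}
	sum := sha256.Sum256(chain[0]) // assumption: 'signature' = SHA-256 of leaf DER
	return chain, hex.EncodeToString(sum[:]), nil
}

// SampleDER builds a constructed self-signed certificate so the example runs offline.
func SampleDER() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der
}

func main() {
	_, sig, err := Normalize(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: SampleDER()}))
	fmt.Println(sig, err)
}
```

Because the digest is taken over the stored DER rather than over the user's input, the same certificate uploaded as PEM or as DER yields the same lookup value.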