enarx/steward

Bug: Can't recreate acceptable public & private keys

rjzak opened this issue · 2 comments

rjzak commented

Steward is able to read the test certificate and private keys used for testing, and can generate temporary keys for testing. However, new keys created with openssl, xca, or tinyca continuously fail to be usable by Steward. When Steward is able to read and parse the keys, it fails on PrivateKeyInfo::signs_with() in attest() despite using 256- and 384-bit NIST SECP elliptic curves, which should work according to https://github.com/profianinc/steward/blob/main/src/crypto/pki.rs#L87.

The keys in drawbridge/testdata don't work, since they're Ed25519 curves, which aren't supported (and I don't see how that curve is getting selected from the test data script and config files).

@npmccallum

@rjzak Which line of code in steward is failing? That will tell you what is missing/incorrect.

rjzak commented

This function, but it doesn't help with figuring out the arguments needed to create the key:

fn signs_with(&self) -> Result<AlgorithmIdentifier<'_>> {
    match self.algorithm.oids()? {
        (ECPK, Some(P256)) => Ok(ES256),
        (ECPK, Some(P384)) => Ok(ES384),
        (o, _) => return Err(anyhow!("unsupported OID: {}", o)), //added by me to get more info
    }
}

Prior attempts gave me OIDs 1.3.101.112 or 1.2.840.113549.1.1.1, or I would get Error: unexpected ASN.1 DER tag: expected SEQUENCE, got OCTET STRING at DER byte 5 when parsing the private key.
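
An added example (not code from Steward or from the commenters): a std-only Rust sketch that classifies a DER private key as SEC1 ECPrivateKey or PKCS#8 PrivateKeyInfo and extracts the algorithm and curve OIDs that the match in signs_with() is checked against. The sample byte strings are constructed with dummy key material, the names `classify` and `supported` are hypothetical, and it assumes ECPK, P256 and P384 in the snippet above are the standard id-ecPublicKey, prime256v1 and secp384r1 OIDs.

```rust
#[derive(Debug, PartialEq)]
pub enum KeyKind { Pkcs8 { alg: String, curve: Option<String> }, Sec1 }

// Read the TLV at `pos`, require `tag`, return its content range (start, end).
fn tlv(d: &[u8], pos: usize, tag: u8) -> Option<(usize, usize)> {
    let l0 = *d.get(pos + 1)? as usize;
    let n = if l0 < 0x80 { 0 } else { l0 & 0x7f };
    if *d.get(pos)? != tag || (l0 >= 0x80 && (n == 0 || n > 4)) { return None; }
    let long = (0..n).try_fold(0usize, |a, i| Some((a << 8) | *d.get(pos + 2 + i)? as usize))?;
    let (start, len) = (pos + 2 + n, if n == 0 { l0 } else { long });
    if start + len > d.len() { None } else { Some((start, start + len)) }
}

// Decode OBJECT IDENTIFIER content bytes into dotted form.
fn oid(b: &[u8]) -> Option<String> {
    let (first, mut v) = (*b.first()? as u64, 0u64);
    let mut out = format!("{}.{}", (first / 40).min(2), first - 40 * (first / 40).min(2));
    for &x in &b[1..] {
        v = (v << 7) | (x & 0x7f) as u64;
        if x & 0x80 == 0 { out += &format!(".{}", v); v = 0; }
    }
    Some(out)
}

pub fn classify(d: &[u8]) -> Option<KeyKind> {
    let (s, _) = tlv(d, 0, 0x30)?; // outer SEQUENCE
    let (vs, ve) = tlv(d, s, 0x02)?; // version INTEGER
    // SEC1 ECPrivateKey: version 1, then the key as an OCTET STRING
    if d[vs..ve] == [1u8] && tlv(d, ve, 0x04).is_some() { return Some(KeyKind::Sec1); }
    // PKCS#8 PrivateKeyInfo: version, then an AlgorithmIdentifier SEQUENCE
    let (a, ae) = tlv(d, ve, 0x30)?;
    let (os, oe) = tlv(d, a, 0x06).filter(|o| o.1 <= ae)?;
    let curve = tlv(d, oe, 0x06).filter(|c| c.1 <= ae).and_then(|c| oid(&d[c.0..c.1]));
    Some(KeyKind::Pkcs8 { alg: oid(&d[os..oe])?, curve })
}

// Mirrors the match in signs_with(): id-ecPublicKey with P-256 or P-384.
pub fn supported(k: &KeyKind) -> bool {
    matches!(k, KeyKind::Pkcs8 { alg, curve: Some(c) } if alg == "1.2.840.10045.2.1"
        && (c == "1.2.840.10045.3.1.7" || c == "1.3.132.0.34"))
}

// Constructed samples: real outer structure, dummy 2-byte key material.
pub const SEC1: &[u8] = &[0x30, 0x07, 0x02, 0x01, 0x01, 0x04, 0x02, 0, 0];
pub const P256_PKCS8: &[u8] = &[0x30, 0x1c, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
    0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x02, 0, 0];
pub const ED25519_PKCS8: &[u8] = &[0x30, 0x0e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x02, 0, 0];

fn main() {
    for der in [SEC1, P256_PKCS8, ED25519_PKCS8] {
        let kind = classify(der);
        println!("{:?} supported={}", kind, kind.as_ref().map_or(false, supported));
    }
}
```

In the SEC1 sample the tag at byte offset 5 is OCTET STRING, where PKCS#8 has the AlgorithmIdentifier SEQUENCE. OID 1.3.101.112 is Ed25519 and 1.2.840.113549.1.1.1 is rsaEncryption.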