Implement From<KeyPair> for PrivateKeyDer<'static>

[LebedevRI]

I've stumbled into this when trying to write a simple rustls-driven server with self-signed cert.

The "obvious" and safe way to go from KeyPair to PrivateKeyDer seems to round-tripping via PEM:

rustls::pki_types::PrivateKeyDer::from_pem_slice(
            signing_key.serialize_pem().as_bytes(),
        )

But rcgen::key_pair::KeyPair::serialized_der() is

/// Returns a reference to the serialized key pair (including the private key)
/// in PKCS#8 format in DER

and PrivateKeyDer can be constructed from such a input.
This avoids memory allocation and PEM roundtripping,
both of which are optional features anyways,
and this conversion is non-failing.

Perhaps it makes sense to provide this QOL interface?

[djc]

What is your use case for this exactly? We typically prefer not to use shared (immutable) references to propagate private key material, instead transferring it by ownership only. The current rcgen is not so strict in this regard, but I'd prefer not to make it worse, and it seems like you can already do what you need today (I think the easier route would be PrivatePkcs8KeyDer::from(key.serialized_der()).to_owned().

[LebedevRI]

What is your use case for this exactly?

        let rcgen::CertifiedKey { cert, signing_key } =
            Self::generate_tls_key()?;

        let certs = vec![cert.der().clone()];

// \/
        let key = rustls::pki_types::PrivateKeyDer::from_pem_slice(
            signing_key.serialize_pem().as_bytes(),
        )?;

        let config = rustls::ServerConfig::builder()
            .with_no_client_auth()
            .with_single_cert(certs, key)?;
// /\

We typically prefer not to use shared (immutable) references to propagate private key material, instead transferring it by ownership only. The current rcgen is not so strict in this regard, but I'd prefer not to make it worse, and it seems like you can already do what you need today (I think the easier route would be PrivatePkcs8KeyDer::from(key.serialized_der()).to_owned().

Well, if this is intentional, then okay i guess. But this really seems odd from the outside.

[djc]

I would be open to taking a From<KeyPair> for PrivateKeyDer<'static>.

[LebedevRI]

I would be open to taking a From<KeyPair> for PrivateKeyDer<'static>.

Okay, is this what you had in mind?

[LebedevRI]

@djc thank you for taking a look!

[djc]

(We're using the merge queue to rebase, so we'll need all the commits to be squashed into a single one.)

[LebedevRI]

@djc thank you!

[djc]

@est31 ping?