This does not actually change how the informers work. This also adds a partial metadata client to root context
Signed-off-by: irbekrm <irbekrm@gmail.com>
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
* Added KeyEncoding spec value to Certificate type.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added validation for Certificate Spec field KeyEncoding.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added Encoding PKCS8 function for encoding private keys in generate.go.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Modified the call to the private key encoding function for each issuer in issue.go to pass in the extra KeyEncoding field.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added case for decoding pkcs8 key.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Converting decoded PKCS8 key into crypto.Signer.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added debugging log statements for decoding private keys.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Log messages for decoding private keys.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added logs for decoding private keys.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added debug logs.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Add debug logs.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Modified keys package.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed the key converter to the ssh package.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Testing decoding as pkcs1 key instead.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Trying to convert to crypto.Signer for PKCS8.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Converting to rsa.PrivateKey.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed return to type private key.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changing parsing.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Cleaned up logs.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed logging info.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed debug logging.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fix parse test for new pkcs8 support.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed extra lines.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed extra lines and spaces.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed duplicate PKCS8 functions.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed the KeyEncoding field from an int to a string.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed issue.go for issuers to pass in the certificate when encoding private key.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Corrected capitalization of Spec.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed the error message to use the correct variable.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed selfsigned issue.go to pass in certificate object instead of the keyEncoding.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed error format.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed test to pass in certificate variable into encoding private key function.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed syntax issue.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed parameter for encode private key function in parse_test.go.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed parse test for encode private key function.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed invalid syntax.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Moved the if statement.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Cleaned up go-fmt errors.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Ran bazel run //hack:update-reference-docs.
Signed-off-by: Crystal Chun <crystalchun@crystals-mbp.raleigh.ibm.com>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Changed encode private key to take keyEncoding instead of certificate.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed setting keyEncoding for ca issue test.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixing passing in the correct type for encoding private key.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixing passing in the correct type for encoding private key.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed parameter passed into encode private key for parse test.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added unit test for encoding different private key types.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed key encoding field from existing test.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed syntax error for declaring constant.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Moving private key all to one line.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added commas after each test case and changed the private key to a pkcs1 rsa private key.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed test errors.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added default error.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Predefined actualEncoding variable.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Undeclared actualEncoding variable.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Declared actualEncoding variable to nil.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Declared actualEncoding variable to empty key encoding type.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixed unit test.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Ran update go-fmt.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Added e2e test for pkcs8 certificate.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Removed unused variable.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Creating issue in pkcs8 e2e test.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Fixing no new variables on the left side of := for err variable.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* Updated docs to mention the key encoding field.
Signed-off-by: Crystal Chun <crystalchun@Crystals-MacBook-Pro.local>
* change venafi issuer to support different cert encoding
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
* update crds
Signed-off-by: Daniel Morsing <dmo@jetstack.io>
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided,
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.
- helper functions in `pki` package now return crypto.PrivateKey
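
The defaulting and validation rules listed in the commit message above, written out as an added Go example (not the project's own code). The names `resolveKeyParams`, `generatePrivateKey` and `ecdsaCurves`, and the use of `""` and `0` to mean "field not set", are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// ecdsaCurves maps each supported ecdsa keySize to its NIST curve.
var ecdsaCurves = map[int]elliptic.Curve{
	224: elliptic.P224(), 256: elliptic.P256(),
	384: elliptic.P384(), 521: elliptic.P521(),
}

// resolveKeyParams (hypothetical helper) applies the defaults; "" and 0 mean unset.
func resolveKeyParams(algorithm string, size int) (string, int, error) {
	if algorithm == "" {
		algorithm = "rsa" // keySize alone, or nothing at all, implies rsa
	}
	switch algorithm {
	case "rsa":
		if size == 0 {
			size = 2048
		}
		if size < 2048 || size > 8192 {
			return "", 0, fmt.Errorf("rsa keySize %d outside 2048..8192", size)
		}
	case "ecdsa":
		if size == 0 {
			size = 256
		}
		if _, ok := ecdsaCurves[size]; !ok {
			return "", 0, fmt.Errorf("ecdsa keySize %d not one of 224, 256, 384, 521", size)
		}
	default:
		return "", 0, fmt.Errorf("unsupported keyAlgorithm %q", algorithm)
	}
	return algorithm, size, nil
}

// generatePrivateKey validates first, then returns the key as crypto.PrivateKey.
func generatePrivateKey(algorithm string, size int) (crypto.PrivateKey, error) {
	alg, bits, err := resolveKeyParams(algorithm, size)
	if err != nil {
		return nil, err
	}
	if alg == "ecdsa" {
		return ecdsa.GenerateKey(ecdsaCurves[bits], rand.Reader)
	}
	return rsa.GenerateKey(rand.Reader, bits)
}

func main() {
	key, err := generatePrivateKey("ecdsa", 0)
	fmt.Printf("%T %v\n", key, err)
}
```

Rejecting an out-of-range size before key generation means a request such as `ecdsa` with `keySize: 2048` fails with an error instead of silently falling back to another curve or algorithm.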