I'd like to have a way to create a fully deterministic certificate from a given seed. We use WebRTC to establish p2p connections and want to embed the certificate hash in the address information that we are passing around. Each node already has a cryptographic identity and I'd like to generate a deterministic certificate from that via a HKDF.
In an ideal world, rcgen exposes a Certificate::from_seed function and uses the provided seed to bootstrap all randomness inside. That would keep implementation details like ring contained within the library.
Alternatively, we can expose the randomness and let users deal with passing a seeded, deterministic RNG.
Thoughts?
I'd like to have a way to create a fully deterministic certificate from a given seed. We use WebRTC to establish p2p connections and want to embed the certificate hash in the address information that we are passing around. Each node already has a cryptographic identity and I'd like to generate a deterministic certificate from that via a HKDF.
In an ideal world,
rcgenexposes aCertificate::from_seedfunction and uses the provided seed to bootstrap all randomness inside. That would keep implementation details likeringcontained within the library.Alternatively, we can expose the randomness and let users deal with passing a seeded, deterministic RNG.
Thoughts?