The set_pubkey() method of the crypto.X509Req class accepts the OpenSSL.crypto.PKey class as an argument. And that PKey can be a public key or key pair. When a key pair (private key) is used, it will extract the public key from the private key.
Notice how the private_key variable is really a private key, as it's being loaded from crypto.load_privatekey() and is also used by the csr.sign() method, which obviously requires a private key.
Thus the variable name is actually quite correct and personally I don't find it really confusing in the preamble of generate_csr() to be honest, as everybody knows it's the public part of the key pair/private key that gets embedded in the CSR.
While following along with the code in the crypto_util modules in acme and certbot, I was very confused by the references to the private key as the "Key to include in the CSR", since the public key is the one included in the CSR.
The reference to the private key continues until this call in acme.crypto_util:
certbot/acme/acme/crypto_util.py
Line 272 in 873f979
Since it appears that the public key is the one being used, is it appropriate to refer to it as a public_key/pubkey rather than a private_key/privkey?
Will you accept a PR to change the variable name for purposes of clarity?
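
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not certbot or acme code: a CSR is built from a key pair, only the public half is embedded, and the private half is used only to sign. It assumes the `cryptography` package in place of the pyOpenSSL `X509Req` API the thread refers to; the function names and the `example.test` subject are made up for the illustration.

```python
# Added example (not certbot/acme code). Uses the `cryptography` package
# instead of pyOpenSSL's X509Req; names and subject are hypothetical.
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def build_csr(private_key, common_name):
    """Sign a CSR with private_key; the builder embeds only its public half."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return (
        x509.CertificateSigningRequestBuilder()
        .subject_name(subject)
        .sign(private_key, hashes.SHA256())
    )


def _be(value):
    """Minimal big-endian encoding of a positive integer."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def inspect_csr(private_key, csr):
    """Report which key material actually ended up inside the encoded CSR."""
    der = csr.public_bytes(serialization.Encoding.DER)
    secret = private_key.private_numbers()
    embedded = csr.public_key()
    return {
        # The key in the CSR is the public half of the signing key pair.
        "embedded_is_public_half":
            embedded.public_numbers() == private_key.public_key().public_numbers(),
        # The self-signature proves possession of the matching private key.
        "signature_valid": csr.is_signature_valid,
        # No private component is serialised into the request.
        "private_exponent_in_csr": _be(secret.d) in der,
        "prime_factor_in_csr": _be(secret.p) in der,
        # The object recovered from the CSR cannot produce signatures.
        "embedded_key_can_sign": hasattr(embedded, "sign"),
    }


def demo():
    """Generate a throwaway key pair, build a CSR and inspect it."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return inspect_csr(key, build_csr(key, "example.test"))
```
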