ExIcaoVds.Signers.LocalKey
(ex_icao_vds v0.3.2)
Copy Markdown
Signer backed by local key material (PEM private key or raw EC key bytes).
Config keys
| Key | Description |
|---|---|
:private_key | Raw EC private key binary (32 bytes for P-256) |
:private_key_pem | PEM-encoded private key binary |
:private_key_path | Path to a PEM private key file |
:curve | Erlang curve atom, default :secp256r1 |
:algorithm | :ecdsa_p256_sha256 (default) or :ecdsa_p384_sha384 |
:signer_identifier | Signer ID string written into the header |
:key_reference | Key reference string written into the header |
:certificate_reference | Certificate reference bytes (X.509 mode) |
Never set :private_key or :private_key_pem from user-controlled input.
Use {:system, "ENV"} resolution via ExIcaoVds.Config.resolve_secret/1 before
passing to this signer.