
Architecture surrounding keys #63

@waltkb


Keys in general:

  • Private keys do not have a method to get the public key from them
  • There does not exist a common public or private key supertype
  • Perhaps a secret key supertype would be useful to incorporate as well

RSA:

  • RSA key pair generation involves an optional digest (hash) algorithm
  • RSA public/private key decoders require a digest (hash) algorithm
  • RSA PEM Key Encoding/Decoding: Client needs to know if a PEM-encoded string is in PKCS1 or in PKCS8 format.
  • RSA keys do not expose methods/fields for their parameters
  • RSA keys are bound to a specific signature/encryption scheme
  • RSA signatures with short keys (<= 1040 bits) lead to an exception

HMAC:

  • HMAC key generation cannot be parameterized (bit size and/or externally provided secret key)
  • HMAC default generated key bit size values, while fine in length, coincide with block size (they are too big, and can be shortened)
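
Added example, not code from this issue or from the library it concerns: one way a decoder could tell PKCS1 from PKCS8 input itself, as raised in the RSA PEM bullet, by reading the PEM label and cross-checking it against the first two DER tags of the body. The labels are those of RFC 7468 plus the traditional "RSA ..." ones, the generic public-key container is named by its actual structure (SubjectPublicKeyInfo), and the function names and the sample key are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
LABELS = {"RSA PRIVATE KEY": "pkcs1-private", "RSA PUBLIC KEY": "pkcs1-public",
          "PRIVATE KEY": "pkcs8-private", "PUBLIC KEY": "spki-public"}
# Constructed sample: toy RSAPublicKey {n=3233, e=65537}, not a usable key.
SAMPLE_PEM = ("-----BEGIN RSA PUBLIC KEY-----\nMAkCAgyhAgMBAAE=\n"
              "-----END RSA PUBLIC KEY-----\n")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_der(der):
    """Name the container from its first two inner tags (OID is not checked)."""
    try:
        tag, start, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError("not a single DER SEQUENCE")
        t1, _, e1 = read_tlv(der, start)
        t2, _, e2 = read_tlv(der, e1)
    except IndexError:
        raise ValueError("truncated DER") from None
    if (t1, t2) == (0x30, 0x03):         # AlgorithmIdentifier, BIT STRING
        return "spki-public"
    if (t1, t2) == (0x02, 0x30):         # version, AlgorithmIdentifier
        return "pkcs8-private"
    if (t1, t2) == (0x02, 0x02):         # n, e only, or version, n, e, d, ...
        return "pkcs1-public" if e2 == end else "pkcs1-private"
    raise ValueError("unrecognised key structure")

def classify_pem(text):
    """Classify a PEM key and reject a label that disagrees with the body."""
    m = PEM_RE.search(text)
    if not m or m.group(1) not in LABELS:
        raise ValueError("missing or unsupported PEM label")
    kind = classify_der(base64.b64decode(m.group(2)))
    if kind != LABELS[m.group(1)]:
        raise ValueError(f"label says {LABELS[m.group(1)]}, body is {kind}")
    return kind
```

`classify_der` also works on unlabelled DER, and an encrypted PKCS8 body (SEQUENCE followed by OCTET STRING) is rejected rather than mistaken for a public key.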


Labels: enhancement
