Bug: public-to-private key mapping is not reliable in LocalKeyVault #431

Open
@lukpueh

Description

What happened?

LocalKeyVault.get returns a "matching" private key for a passed public key. Keys are assumed to match if the private key object can be constructed with the public key object as input:

    try:
        sslib_signer = SSlibSigner.from_priv_key_uri(
            priv_key_uri,
            sslib_public_key,
            self._secrets_handler(key.password),
        )
        valid_key = True
    except CryptoError:
        logging.error("Key didn't match")
        continue

This assumption is invalid, because the constructor factory is not guaranteed to fail if keys don't match.

As a consequence, the produced signatures may become unverifiable. This is because signatures are assigned the keyid of the public key attached to the used signer. This keyid is then used at verification time by the TUF client to find the matching public key in TUF delegator metadata. If the public key with that keyid didn't match at signing time, it won't match at verification time either.

What steps did you take?

No response

What behavior did you expect?

Reliably map public and private keys using public key keyids in private key configuration.

Relevant log output

No response
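
The expected behaviour stated above (selecting the private key by the public key's keyid instead of by whether a signer can be constructed) is shown here as an added example; it is not code from this issue or from the project. `PrivateKeyEntry`, `select_private_key`, `keyid_for` and the sample keys are hypothetical, and the keyid is assumed to be SHA-256 over sorted-key JSON of the public key fields.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass


class KeyMappingError(Exception):
    """No unambiguous private key is configured for the requested keyid."""


@dataclass(frozen=True)
class PrivateKeyEntry:  # hypothetical configuration record
    keyid: str  # keyid of the public key this private key belongs to
    priv_key_uri: str


def keyid_for(public_key: dict) -> str:
    # Assumption: keyid = SHA-256 over sorted-key, compact JSON of the
    # public key fields; the real metadata format defines its own encoding.
    canonical = json.dumps(public_key, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def select_private_key(public_key: dict, entries: list[PrivateKeyEntry]) -> PrivateKeyEntry:
    """Pick the entry configured for this public key's keyid, or fail closed."""
    wanted = keyid_for(public_key)
    matches = [e for e in entries if e.keyid == wanted]
    if len(matches) != 1:
        # Zero matches: nothing configured. Several: ambiguous configuration.
        # Either way, refuse instead of signing with a guessed key.
        raise KeyMappingError(f"{len(matches)} private keys configured for keyid {wanted}")
    return matches[0]


# Constructed sample data (not real keys or real key files).
PUB_A = {"keytype": "ed25519", "scheme": "ed25519", "keyval": {"public": "aa" * 32}}
PUB_B = {"keytype": "ed25519", "scheme": "ed25519", "keyval": {"public": "bb" * 32}}
ENTRIES = [
    PrivateKeyEntry(keyid_for(PUB_A), "file:keys/a.pem?encrypted=true"),
    PrivateKeyEntry(keyid_for(PUB_B), "file:keys/b.pem?encrypted=true"),
]

if __name__ == "__main__":
    print(select_private_key(PUB_B, ENTRIES).priv_key_uri)
```

With this lookup, a public key that has no configured entry, or more than one, raises an error before any signature is produced, so a signature can never carry the keyid of a key that did not make it.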

Labels

bug (Something isn't working), needs-triage (Further discussion is required)