Hi David,
It passes it to each parser in turn till one says it can parse it. It's not ideal, but it seems to work - so far. Better would be to annotate it in some way. I have considered annotating the type field so that the payload doesn't have to have it added:keyctl padd asymmetric.x509 "" @s </tmp/foo.x509 keyctl padd asymmetric.pkcs#8 ... keyctl padd asymmetric.tpm ... However, this doesn't work with "keyctl update" or "keyctl instantiate".
In theory the PEM file already contains the type of the certificate, at least at a high level. E.g. private, public, tpm. So if we accept PEM files directly that could be potentially a faster way of determining the parser to use and would still work with keyctl update/instantiate, right?
Regards, -Denis
