@mcpherrinm

Occasionally we need to bulk-revoke private keys.
The PEM format naturally allows for multiple private keys, so extend the admin
tool to support multiple keys in a file for revoke-by-key and block-by-key.

@mcpherrinm requested a review from a team as a code owner January 9, 2026 02:06
@mcpherrinm requested a review from jsha January 9, 2026 02:06
Make spkiHashesFromPrivateKeys include which key failed parsing/hashing.

Ensure updated functions have matching pluralization

better variable name keyPEMs

Copilot AI left a comment


Pull request overview

This PR extends the admin tool to support multiple private keys in a single PEM file for bulk revocation and blocking operations. The PEM format naturally supports multiple entries, and this change enables more efficient bulk operations when multiple keys need to be revoked or blocked simultaneously.

Key changes:

  • Refactored privatekey.Load to extract a new LoadDER function that can process individual PEM blocks
  • Updated spkiHashesFromPrivateKeys and serialsFromPrivateKeys to iterate through all keys in a file
  • Added comprehensive test coverage for multiple keys with different encoding formats (PKCS8 ECDSA, PKCS8 RSA, PKCS1 RSA)

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| privatekey/privatekey.go | Extracted LoadDER function to enable parsing individual PEM blocks; updated error messages to reference PEM block type instead of file path |
| cmd/admin/key.go | Refactored spkiHashesFromPrivateKeys to loop through multiple PEM blocks in a file and compute hashes for each key |
| cmd/admin/cert.go | Updated serialsFromPrivateKeys to fetch serials for multiple keys and aggregate results |
| cmd/admin/key_test.go | Enhanced test to validate multiple keys with different formats (PKCS8 ECDSA/RSA, PKCS1 RSA) |
| cmd/admin/cert_test.go | Updated test function name to reflect new plural function name |


@mcpherrinm requested a review from aarongable January 9, 2026 22:30
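Added example, not code from this pull request or from the project: a minimal Go sketch of hashing every private key in a multi-block PEM file, reporting which key failed and refusing the whole batch if any block was skipped. The names spkiHashes and sampleBundle are hypothetical, and the hash is assumed to be SHA-256 over the DER-encoded SubjectPublicKeyInfo.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// spkiHashes (hypothetical name) hashes every key in a PEM bundle; assumes SHA-256 over the DER SPKI.
func spkiHashes(data []byte) ([][32]byte, error) {
	var hashes [][32]byte
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil { // not PKCS#8: fall back to PKCS#1 (RSA)
			k, err = x509.ParsePKCS1PrivateKey(block.Bytes)
		}
		signer, ok := k.(crypto.Signer)
		if err != nil || !ok {
			return nil, fmt.Errorf("key %d (%q): unsupported or malformed private key", len(hashes)+1, block.Type)
		}
		spki, err := x509.MarshalPKIXPublicKey(signer.Public())
		if err != nil {
			return nil, fmt.Errorf("key %d (%q): %w", len(hashes)+1, block.Type, err)
		}
		hashes = append(hashes, sha256.Sum256(spki))
	}
	// Fail closed: pem.Decode silently skips blocks it cannot decode.
	if n := bytes.Count(data, []byte("-----BEGIN ")); n == 0 || n != len(hashes) {
		return nil, fmt.Errorf("%d BEGIN markers but %d keys parsed", n, len(hashes))
	}
	return hashes, nil
}

func sampleBundle() []byte { // constructed input: one throwaway RSA key as PKCS#8 and PKCS#1
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	p8, _ := x509.MarshalPKCS8PrivateKey(key)
	out := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: p8})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})...)
}

func main() {
	hashes, err := spkiHashes(sampleBundle())
	fmt.Printf("%x %v\n", hashes, err)
}
```

The two hashes printed for the sample are identical, since the same key encoded as PKCS#8 and as PKCS#1 has the same public key. For bulk revocation the BEGIN-marker check matters because a silently skipped block is a key that stays unrevoked.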