Problem
<ds:RSAKeyValue> is currently recognized only as a marker. Its modulus and exponent are discarded, and DefaultKeyResolver cannot verify signatures that provide an embedded RSA key without a certificate.
Implementation
- Parse ordered
<ds:Modulus> and <ds:Exponent> CryptoBinary values with bounded XML Base64 decoding.
- Expose unsigned big-endian modulus and exponent through
KeyValueInfo.
- Convert valid parameters into RSA SubjectPublicKeyInfo DER using the existing pure-Rust
rsa crate.
- Resolve embedded RSA keys only for RSA signature methods and fail closed for malformed, weak, or incompatible keys.
- Verify the Merlin enveloping RSA donor vector end-to-end without a preset key.
- Update ROADMAP/DEVLOG after full verification.
Acceptance criteria
- Valid RSAKeyValue parameters are preserved exactly after Base64 decoding.
- Missing, reordered, duplicated, wrong-namespace, nested, empty, malformed, and oversized values are rejected with typed processing errors.
- The donor RSAKeyValue signature verifies through
DefaultKeyResolver.
- ECDSA methods reject RSAKeyValue with an algorithm mismatch.
cargo check, clippy, nextest, doctests, and build pass.
Estimate
2d 4h including implementation, regression and integration tests, review overhead, and documentation updates.
Problem
<ds:RSAKeyValue>is currently recognized only as a marker. Its modulus and exponent are discarded, andDefaultKeyResolvercannot verify signatures that provide an embedded RSA key without a certificate.Implementation
<ds:Modulus>and<ds:Exponent>CryptoBinary values with bounded XML Base64 decoding.KeyValueInfo.rsacrate.Acceptance criteria
DefaultKeyResolver.cargo check, clippy, nextest, doctests, and build pass.Estimate
2d 4hincluding implementation, regression and integration tests, review overhead, and documentation updates.