I'm building a CertificateListBuilder but this requires that python-pkcs11.types.PrivateKey be an instance of asn1crypto.keys.PrivateKeyInfo or oscrypto.asymmetric.PrivateKey.
How can I do this? Is this possible?
In addition, I would like to know if the private key used to sign the CRL may be different from the issuer's subject key identifier. To clarify:
I have a USB token containing certificates (the chain of trust).
In this token, I have a certificate (let's call it a certificate "A") with cA: False. This certificate "A" does not have the subject key identifier extension. I will therefore use the subject key identifier of the issuer of certificate "A".
I have to use this certificate "A" to sign attribute certificates (RFC 5755). I'm using CertificateListBuilder from https://github.com/wbond/crlbuilder and it requires that the private key be one of the above instances to sign the CRL file.
So, even though I can convert the python-pkcs11 RsaPrivateKey to one of these instances, I would like to know if everything will be fine, because the certificate revocation list will be signed with the private key of certificate "A" but will have the subject key identifier of the issuer of certificate "A".