I have a question:
PrivKey intf. extends
If using a custom
PrivKey impl, libp2p libraries would know about its raw bytes which, in case of a tampered libp2p source code, might easily be leaked.
I know that
PrivKeys rely on Key functionality for storing/retrieving to/from peerstore and that a mechanism for
Equal is still needed, but I think these can be modified as to not store private keys as raw bytes (instead it can be stored directly as
crypto.PrivKey) and for
Equal, each might provide a sort of identifier mechanism (maybe a Sha256 applied over the raw bytes of the private key).
The reason for this question being asked is that, for a protocol that uses libp2p as p2p network stack and the presence of a higher level functionality (that signs/verify data), we might end up using 2 different sets of private/public keys.
libp2p encourage changing in a frequently manner the private/public key used by libp2p stack but this only over complicates the higher protocol by always having to map a particular
peer.ID to its corresponding higher level public key.