Library vs. command in the code-base
We probably want to split this project into a "library" part and a "command" part, to make it easier for us to use the code in various places.
Library code should not assume anything about reading files from disk, that is part of command line tools to deal with.
This means that our API's should be migrated to either pass around blobs of Vector or String<>, and/or some kind of cert/x509 object depending.
Assuming that certs and csr are stored in a database (sqlite on a mobile device) and that private keys come from a system keychain, it might be best to use blobs rather than explicit key-types.
This is a change for post 1.0 release.