Investigate using python-jks instead of keytool for certain use-cases
There's a pretty mature Python library for interacting with Java (JKS) keystores: https://github.com/kurtbrose/pyjks
Depending on keytool in general is annoying, as it makes us depend on the Java JDK vs. only the JRE (or, when we manage to solve #94, even that would be optional).
This library would not cover interacting with PKCS11 (HSM/smartcard) keystores. This would either still require keytool, or rewriting the PKCS11 interaction using other tools (pkcs11-tool from the OpenSC project, OpenSSL bindings through the pkcs11 engine, ...).