feat(certificates): introduce support for a new `Certificates -> Priv…

…ate Keys` utility API

Private Keys is a new utility within the Digital Certificates bundle, enabling users to generate
RSA, DSA, EC, and Ed25519 private keys. These keys can later be used to create X.509 certificates.
Private keys can be optionally protected by a passphrase, which can be changed. They are stored in
an encrypted form within the database using the PKCS#8 AES algorithm (aes_256_cbc). Additionally,
private keys can be exported in PEM, PKCS#8, or PKCS#12 formats, with optional encryption.

Cargo.toml

@@ -50,6 +50,7 @@ serde_repr = "0.1.16"
 serde_with = "3.3.0"
 sqlx = "0.7.2"
 tantivy = "0.21.0"
+thiserror = "1.0.49"
 time = "0.3.30"
 tlsh2 = "0.3.0"
 tokio-cron-scheduler = "0.9.4"

migrations/20231015195044_certificates_private_keys.sql

@@ -0,0 +1,16 @@
+-- Register a new `Private keys` utility under `Digital certificates` and re-order certificate
+-- utilities so that `Self-signed certificates` goes after `Private keys`.
+UPDATE utils SET id = 11 WHERE id = 5;
+INSERT INTO utils (id, handle, name, keywords, parent_id) VALUES
+    (5, 'certificates__private_keys', 'Private keys', 'private keys openssl encryption pki rsa dsa ec ecdsa curve ed25519 pkcs8 pkcs12 pem', 4);
+
+-- Create table to store private keys.
+CREATE TABLE IF NOT EXISTS user_data_certificates_private_keys
+(
+    name            TEXT NOT NULL COLLATE NOCASE,
+    alg             BLOB NOT NULL,
+    pkcs8           BLOB NOT NULL,
+    created_at      INTEGER NOT NULL,
+    user_id         INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    PRIMARY KEY     (name, user_id)
+) STRICT;