Given that certificates are basically wrappers of public keys with some additional information, can we also provide the path to the public key directly in the configuration for this verification, or does the signature checking somehow rely on the certificate wrapper?
At the moment, we only support certificates but I don’t believe there is a strong reason for that, we just extract the key out of the certificate and ignore everything else. Is there a particular reason why you cannot generate a certificate for your key?