Conversation

wgoulet commented Jul 9, 2025

This is a documentation enhancement to help folks understand how to convert the log public/private keys into the correct format in the ctfe config file. It took a lot of trial and error for me to figure out how to do this and I finally dug up this comment in an older open issue: #780.

@wgoulet wgoulet requested a review from a team as a code owner July 9, 2025 18:32
@wgoulet wgoulet requested review from phbnf and removed request for a team July 9, 2025 18:32
google-cla bot commented Jul 9, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

phbnf (Contributor) commented Jul 28, 2025

/gcbrun

phbnf (Contributor) commented Jul 28, 2025

Agreed with you that this is how to convert the keys to a hex format that can be specified in the config. It should be possible to pass the keys directly with the pem file though, without having to go through the whole conversion: https://github.com/wgoulet/certificate-transparency-go/blob/551ff912277a60b5fef9f4c6379084ac7aa27b5b/trillian/docs/ManualDeployment.md#ctfe-configuration

Is the hex key required anywhere else?

wgoulet (Author) commented Jul 28, 2025

@phbnf At least for the Trillian deployment that I was able to deploy using these instructions, I only needed to put the hex keys in the proto config file for ctfe to get the service running. I didn't have to deviate from the instructions to get the log signer or server running.

phbnf (Contributor) commented Jul 30, 2025

Yes indeed, I tried to use the file directly, and it did not work. I could not get the public key in, and eventually ran into https://github.com/google/trillian/blob/master/crypto/keys/pem/pem.go#L35 for the private key. Many thanks for flagging this.

For the record, here is the matching command for the public key, it's ever so slightly different:

openssl ec -pubin -inform pem -in pubkey.pem -outform der -out pubkey.der

Two things of note:

  1. You'll need to sign the CLA, see the workflow that is failing: We couldn't find a Contributor License Agreement (CLA) for some of the contributors shown below. All contributors listed must be covered under a CLA for this pull request to be merged. 📝 If you are not currently covered under a CLA, please visit https://cla.developers.google.com/. Once you've signed, follow the "New Contributors" link at the bottom of this page to update this check.
  2. Very glad to see that you're trying out Trillian and the CTFE! We're now actively working on their successors, Tessera and TesseraCT. They should be much (much) simpler to bring up, so maybe you want to give that a try as well. If you've got any question, you can find us (and other community members) on Slack.
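The PEM-to-hex conversion this thread is about, as an added example that is not code from the PR or from certificate-transparency-go: it does in pure Python what the openssl DER export followed by hex encoding does, and additionally checks that the decoded bytes form exactly one complete DER SEQUENCE, so a truncated or concatenated key is rejected before it is pasted into the config. It assumes the ctfe config field wants the hex of the DER bytes (as the commands above produce); the sample PEM block is a constructed placeholder, not a real key.

```python
import base64
import re

# Constructed sample, NOT a real key: DER bytes 30 03 02 01 05 (SEQUENCE { INTEGER 5 }).
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MAMCAQU=
-----END PUBLIC KEY-----
"""

# Matches one PEM block; the label can be "PUBLIC KEY", "EC PRIVATE KEY", "PRIVATE KEY", ...
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)\s*"
    r"-----END (?P=label)-----",
    re.DOTALL,
)


def der_outer_length(der: bytes) -> int:
    """Total length claimed by the outer DER SEQUENCE header (tag + length + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_to_der_hex(pem_text: str) -> tuple[str, str]:
    """Decode one PEM block to (label, hex of its DER bytes), rejecting malformed input."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    body = "".join(m.group("body").split())          # drop line breaks inside the base64
    der = base64.b64decode(body, validate=True)       # validate=True rejects stray characters
    if der_outer_length(der) != len(der):
        raise ValueError("DER length mismatch: truncated key or trailing bytes")
    return m.group("label"), der.hex()


def is_well_formed_pem_der(pem_text: str) -> bool:
    """True when the PEM decodes to exactly one complete DER SEQUENCE."""
    try:
        pem_to_der_hex(pem_text)
        return True
    except ValueError:
        return False
```

The hex string returned is what goes into the config; the label tells you whether you decoded the public or the private key file.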
