Hi,
Thanks for making this library available to the community. I have a question on why the KeyGetter interface only returns private keys. In Verify you did extract the public key from this private key. In my use case, the caller of my service signs the inbound headers and I have access (via a DID lookup on a blockchain) to their public key. Based on the current design, how would I verify signed headers coming from an outside resource (with only their public key available to me)?

Ah, see now that the toRSAPublicKey uses the key type to convert or use as is. Thanks again for the library.