Switch to compressed keys

[dvdplm]

Main changes:

1. Compressed is now the default, and this is reflected in naming as well. The semantic "rule" here is that the short and obvious name for something will expect/return compressed keys; when using uncompressed keys, the naming is more cumbersome. Important review points: TODO
2. The wire-format changed. The protobuf enum/default meaning changed, so omitting a config will now default to compressed. This is a point worth discussing but I think we should start out with the shape that we want to have, and then add glue/conversion/work-arounds to accomodate the harsh reality of backwards compatibility. Important review points: TODO
3. Test material generation is now more aggressive about cleanup and obviously defaults to compressed keys. Not a giant change, but plenty of fallout in test-helpers and isolated tests stem from this.

A lot of churn comes from renamed methods, checks for compressed? in tests and the flipped logic.

Open questions:

• Threshold private storage still duplicates decompressed public material

[github-actions]

Consolidated Tests Results 2026-04-13 - 10:47:26

Test Results

2 failed
16 passed

Details

18 tests
not captured
junit-to-ctrf
build-and-test test-reporter #1284
Switch to compressed keys #518

Failed Tests

kms-core-client::kubernetes_test_threshold_isolated k8s_test_insecure_keygen_encrypt_and_public_decrypt
kms-core-client::kubernetes_test_threshold_isolated k8s_test_insecure_keygen_encrypt_multiple_types

test-reporter: Run #1284

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
18	16	2	0	0	0	0	not captured

❌ Some tests failed!

Name	Failure Message
❌ k8s_test_insecure_keygen_encrypt_and_public_decrypt	thread 'k8s_test_insecure_keygen_encrypt_and_public_decrypt' (28700) panicked at core/service/src/util/key_setup/test_tools.rs:329:10
❌ k8s_test_insecure_keygen_encrypt_multiple_types	thread 'k8s_test_insecure_keygen_encrypt_multiple_types' (28810) panicked at core/service/src/util/key_setup/test_tools.rs:329:10

Tests

View All Tests

Test Name	Status	Flaky	Duration
nightly_full_gen_tests_k8s_default_threshld_sequential_crs	✅		32.6s
test_k8s_threshld_insecure	✅		2m 54s
k8s_test_crs_uniqueness	✅		32.7s
k8s_test_insecure_keygen_encrypt_and_public_decrypt	❌		2m 45s
k8s_test_insecure_keygen_encrypt_multiple_types	❌		2m 41s
k8s_test_keygen_and_crs	✅		2m 55s
k8s_test_keygen_uniqueness	✅		7m 56s
nightly_full_gen_tests_k8s_default_threshld_sequential_crs	✅		35.2s
test_k8s_threshld_insecure	✅		3m 23s
k8s_test_crs_uniqueness	✅		35.2s
k8s_test_insecure_keygen_encrypt_and_public_decrypt	✅		3m 26s
k8s_test_insecure_keygen_encrypt_multiple_types	✅		3m 45s
k8s_test_keygen_and_crs	✅		3m 24s
k8s_test_keygen_uniqueness	✅		9m 18s
nightly_full_gen_tests_k8s_default_centralzd_sequential_crs	✅		1.8s
test_k8s_centralzd_insecure	✅		1m 1s
k8s_test_centralized_insecure	✅		1m 2s
nightly_full_gen_tests_default_k8s_centralized_sequential_crs	✅		1.8s

_{🍂 No flaky tests in this run.}

Github Test Reporter by CTRF 💚

🔄 This comment has been updated