Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow parsing HSM and online keys with deprecated and new PEM format #375

Merged
merged 2 commits into from
Sep 13, 2022
Merged

feat: Allow parsing HSM and online keys with deprecated and new PEM format #375

merged 2 commits into from
Sep 13, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Sep 12, 2022

Summary

PART 2 OF HEX TO ECDSA MIGRATION. See #329 (comment)

  • Update HSM and online key parsing logic to allow for parsing into hex and parsing into PEM.
  • Cleans up some code that can use sigstore/sigstore cryptoutil parsing
  • Tested that getting signing key from HSM and online can be done with both hex and PEM and go-tuf can verify either.

Release Note

Documentation

@asraa
wip
4770777 
Signed-off-by: Asra Ali <asraa@google.com>

allow parsing keys to PEM

Signed-off-by: Asra Ali <asraa@google.com>
haydentherapper
haydentherapper reviewed Sep 12, 2022
View reviewed changes
cmd/tuf/app/add-delegation.go Outdated Show resolved Hide resolved
pkg/keys/keys.go Show resolved Hide resolved
pkg/keys/keys.go Show resolved Hide resolved
tests/e2e_test.go Outdated
@@ -389,7 +389,7 @@ func TestPublishSuccess(t *testing.T) {
if err := app.SnapshotCmd(ctx, td); err != nil {
t.Fatalf("expected Snapshot command to pass, got err: %s", err)
}
snapshotSigner, err := keys.GetSigningKey(ctx, snapshotKey)
snapshotSigner, err := keys.GetSigningKey(ctx, snapshotKey, true)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any test where deprecated is false, or is that coming later?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not e2e yet, just in the package tests. In e2e we only expect deprecated keys (until Part 3, coming soon) because that's what the CLI hard-codes

Part 3 will have some refactor for CLI to parametrize/change the encoding/decoding

@asraa
comments
dfd24a6 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa merged commit d7c9b44 into sigstore:main Sep 13, 2022
@asraa asraa mentioned this pull request Jul 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlorenc dlorenc dlorenc approved these changes

@haydentherapper haydentherapper haydentherapper approved these changes

@joshuagl joshuagl Awaiting requested review from joshuagl

@kommendorkapten kommendorkapten Awaiting requested review from kommendorkapten

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@asraa @dlorenc @haydentherapper