Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Fulcio support to signing #158

Merged
merged 9 commits into from
May 13, 2024
Merged

Add Fulcio support to signing #158

merged 9 commits into from
May 13, 2024

Commits on May 1, 2024

  1. Add Fulcio support to signing 

    This involved a bit of a refactor to support MessageSignature and DSSE
bundle content.

Also, we should probably start adding tests soon.

Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 1, 2024
    Configuration menu
    Copy the full SHA
    171eb77 View commit details
    Browse the repository at this point in the history

Commits on May 2, 2024

  1. Rename Content Prepare to PreAuthEncoding 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 2, 2024
    Configuration menu
    Copy the full SHA
    f62bb30 View commit details
    Browse the repository at this point in the history

Commits on May 6, 2024

  1. Support Fulcio signing with supplied key. 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 6, 2024
    Configuration menu
    Copy the full SHA
    f2d7e69 View commit details
    Browse the repository at this point in the history

  2. More cleanly delineate between Content and Keypair 

    `Content` now clearly owns generating and remembering the hash digest.

`Keypair` communicates the hash algorithm to `Content`, and generates
the signature.

Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 6, 2024
    Configuration menu
    Copy the full SHA
    5c01baa View commit details
    Browse the repository at this point in the history

  3. Use sigstore/sigstore cryptoutils.MarshalPublicKeyToPEM 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 6, 2024
    Configuration menu
    Copy the full SHA
    de0abd6 View commit details
    Browse the repository at this point in the history

Commits on May 10, 2024

  1. Fix proof of possesion signature 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 10, 2024
    Configuration menu
    Copy the full SHA
    d63db0f View commit details
    Browse the repository at this point in the history

  2. Move bundle logic out to be all in one place 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 10, 2024
    Configuration menu
    Copy the full SHA
    862937e View commit details
    Browse the repository at this point in the history

  3. Add clarifying comments 

    Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 10, 2024
    Configuration menu
    Copy the full SHA
    2410557 View commit details
    Browse the repository at this point in the history

Commits on May 13, 2024

  1. Simplify EphemeralKeypair options and require explicit keypair for si… 

    …gning

Signed-off-by: Zach Steindler <steiza@github.com>
    @steiza
    steiza committed May 13, 2024
    Configuration menu
    Copy the full SHA
    29150cb View commit details
    Browse the repository at this point in the history