Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

create KeylessSigner #1189

Merged
merged 2 commits into from
Dec 14, 2021
Merged

create KeylessSigner #1189

merged 2 commits into from
Dec 14, 2021

Conversation

dekkagaijin
Copy link
Member

Ticket Link

#844

Release Note

NONE

Signed-off-by: Jake Sanders <[email protected]>
@dekkagaijin dekkagaijin requested a review from mattmoor December 10, 2021 20:59
}
s, err := signature.LoadECDSASignerVerifier(priv, crypto.SHA256)
if err != nil {
return nil, err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should consistently wrap errors, I think.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Comment on lines 64 to 69
// NewSigner generates a new private signing key and returns a `cosign.Signer` which creates signatures with it.
func NewSigner() (icosign.Signer, error) {
priv, err := cosign.GeneratePrivateKey()
if err != nil {
return nil, errors.Wrap(err, "generating cert")
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally when we say "keyless" we mean the full Fulcio flow with the ephemeral certificate chained into the root CA (and optionally logged to Rekor). Perhaps to avoid creating confusion over the term "keyless" (since it is only part) we should call this "ephemeral"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

diggidy done

Signed-off-by: Jake Sanders <[email protected]>
@dekkagaijin dekkagaijin merged commit 008f860 into sigstore:main Dec 14, 2021
@github-actions github-actions bot added this to the v1.5.0 milestone Dec 14, 2021
@dekkagaijin dekkagaijin deleted the keyless branch December 14, 2021 03:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants