Merge PublicKeyDetails and KnownSignatureAlgorithms
#212
Conversation
kommendorkapten
requested review from
woodruffw,
haydentherapper and
tetsuo-cpp
Signed-off-by: Fredrik Skogman <[email protected]>
kommendorkapten
force-pushed
the
signature-pub-key-merge
branch
from
0675d15
to
06138b8
Compare
There was a problem hiding this comment.
LGTM, thanks @kommendorkapten!
I'll rebase #199 on top of this.
| PKIX_RSA_PSS = 4 [deprecated = true]; | ||
| PKIX_RSA_PKCS1_2048_SHA256 = 9; | ||
| PKIX_RSA_PKCS1_3072_SHA256 = 10; | ||
| PKIX_RSA_PKCS1_4096_SHA256 = 11; |
There was a problem hiding this comment.
@kommendorkapten Sorry, just reviewed - Can we keep the PSS variants?
There was a problem hiding this comment.
Whoops, missed this as well. I can add those to #199, since I'm already modifying the file.
There was a problem hiding this comment.
Thanks. Do we also want to be pedantic about pkcs1 vs pkcs1v5? Also, should we support the pkcs1 encoded variants? sigstore/sigstore is able to unmarshal either pkix or pkcs1 encodings.
There was a problem hiding this comment.
(moving convo over to 199)
There was a problem hiding this comment.
Hmm, I could go either way on PKCS#1 vs. PKCS#1v1.5 -- I think it's common enough in practice to abbreviate the latter as the former. But specificity also wouldn't hurt.
In terms of encodings: I would lean towards the PKIX variants, since they're what appears in X.509. But maybe the trust root encodes them as PKCS1? I'm not sure 😅
Summary
Merge the two messages to avoid confusion and drift.
Release Note
PublicKeyDetails. New algorithms for RSA is added, see below for details. The new algorithms for RSA specifies both the hash algorithm used, and the bit length of the public modulus.PublicKeyDetailsPKIX_RSA_PKCS1_2048_SHA256PKIX_RSA_PKCS1_3072_SHA256PKIX_RSA_PKCS1_4096_SHA256PKIX_ECDSA_P384_SHA_384PKIX_ECDSA_P521_SHA_512Documentation
N/A