Skip to content

Allow public keys to sign hashedrekord #497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 1, 2025
Merged

Allow public keys to sign hashedrekord #497

merged 1 commit into from
Jul 1, 2025

Conversation

cmurphy
Copy link
Contributor

@cmurphy cmurphy commented Jul 1, 2025

There was a restriction when signing Rekor v1 hashedrekord entries that required them to use a certificate rather than a public key. This isn't a restriction imposed by Rekor, and it is going to need to have this kind of flexibility if and when this gets used for signing in cosign. This change eliminates the restriction and then updates the examples to show how this could be used.

Summary

Release Note

Documentation

@cmurphy
Allow public keys to sign hashedrekord
7c0adeb 
There was a restriction when signing Rekor v1 hashedrekord entries that
required them to use a certificate rather than a public key. This isn't
a restriction imposed by Rekor, and it is going to need to have this
kind of flexibility if and when this gets used for signing in cosign.
This change eliminates the restriction and then updates the examples to
show how this could be used.

Signed-off-by: Colleen Murphy <[email protected]>
@cmurphy cmurphy requested a review from a team as a code owner July 1, 2025 20:09
@cmurphy
Copy link
Contributor Author

cmurphy commented Jul 1, 2025

Hoping to be able to use this in rekor-tiles tests so that we don't have to stand up a Fulcio instance.

@cmurphy cmurphy requested review from steiza and haydentherapper July 1, 2025 20:41
haydentherapper
haydentherapper approved these changes Jul 1, 2025
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! LGTM

@haydentherapper haydentherapper merged commit 55a5b9c into sigstore:main Jul 1, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@steiza steiza Awaiting requested review from steiza

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cmurphy @haydentherapper