Description
At Trail of Bits, we're looking at implementing part of the Configurable Crypto Algorithms proposal (specifically Phase 1). See sigstore/cosign#3271, sigstore/rekor#1724, sigstore/fulcio#1388 for related issues in the other repos.
We started doing some work with sigstore/fulcio#1517, which tries to support only client keys of type ecdsa+sha256 and ed25519. Fulcio does not really care about the user keys; however, Rekor does, and right now it does not support ed25519 (see sigstore/rekor#1724 for details).
As suggested there and in other rekor issues, the idea is to add support for ed25519ph, which is a pre-hashed version of ed25519. Having this support in sigstore/sigstore would allow sigstore-go, rekor, and cosign to use ed25519 keys as an alternative to the default ecdsa + sha256.
cc @tetsuo-cpp @woodruffw
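
An added example, not part of the original issue and not sigstore code: with Go's standard `crypto/ed25519` (Go 1.20 or later), Ed25519ph signs and verifies a SHA-512 digest instead of the message, and signatures from the two modes are not interchangeable. The names `signPrehashed`, `verifyPrehashed`, `crossCheck` and `result` are hypothetical, and the seed and message are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/sha512"
	"fmt"
)

// phOpts selects Ed25519ph (RFC 8032): the input is a SHA-512 digest.
var phOpts = &ed25519.Options{Hash: crypto.SHA512}

// signPrehashed signs a 64-byte SHA-512 digest; other lengths return an error.
func signPrehashed(priv ed25519.PrivateKey, digest []byte) ([]byte, error) {
	return priv.Sign(nil, digest, phOpts) // rand is ignored by ed25519
}

// verifyPrehashed checks an Ed25519ph signature given only the digest.
func verifyPrehashed(pub ed25519.PublicKey, digest, sig []byte) bool {
	return ed25519.VerifyWithOptions(pub, digest, sig, phOpts) == nil
}

// result records which (signature, verifier) combinations are accepted.
type result struct{ PhByPh, PureByPure, PhByPure, PureByPh, WrongLenRejected bool }

// crossCheck signs msg in both modes and tries each verifier on each signature.
func crossCheck(seed, msg []byte) (result, error) {
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	digest := sha512.Sum512(msg)
	phSig, err := signPrehashed(priv, digest[:])
	if err != nil {
		return result{}, err
	}
	pureSig := ed25519.Sign(priv, msg)
	_, lenErr := signPrehashed(priv, digest[:32]) // truncated digest must be refused
	return result{
		PhByPh:           verifyPrehashed(pub, digest[:], phSig),
		PureByPure:       ed25519.Verify(pub, msg, pureSig),
		PhByPure:         ed25519.Verify(pub, msg, phSig) || ed25519.Verify(pub, digest[:], phSig),
		PureByPh:         verifyPrehashed(pub, digest[:], pureSig),
		WrongLenRejected: lenErr != nil,
	}, nil
}

func main() {
	r, err := crossCheck(make([]byte, ed25519.SeedSize), []byte("constructed sample artifact"))
	fmt.Printf("%+v %v\n", r, err)
}
```

A verifier therefore has to know which mode a key was used in; the signature bytes alone do not say.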