signer: add constants for key types and signing schemes #593

Open
lukpueh opened this issue May 31, 2023 · 1 comment
Labels
contribfest Issues for KubeCon EU contribfest good first issue

Comments

@lukpueh
Member

lukpueh commented May 31, 2023

Supported key types and signing scheme strings are currently hardcoded all over the library. We should define them in a single place e.g. securesystemslib.signer._constants and update all securesystemslib.signer.* modules to use them. (I suggest to not touch legacy modules such as securesystemslib.keys)

Publicly registered key types and schemes can be found in:

```python
("ecdsa", "ecdsa-sha2-nistp256"): SSlibKey,
("ecdsa", "ecdsa-sha2-nistp384"): SSlibKey,
("ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256"): SSlibKey,
("ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384"): SSlibKey,
("ed25519", "ed25519"): SSlibKey,
("rsa", "rsassa-pss-sha224"): SSlibKey,
("rsa", "rsassa-pss-sha256"): SSlibKey,
("rsa", "rsassa-pss-sha384"): SSlibKey,
("rsa", "rsassa-pss-sha512"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha224"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha256"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha384"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha512"): SSlibKey,
("sphincs", "sphincs-shake-128s"): SpxKey,
("rsa", "pgp+rsa-pkcsv1.5"): GPGKey,
("dsa", "pgp+dsa-fips-180-2"): GPGKey,
("eddsa", "pgp+eddsa-ed25519"): GPGKey,
```

Additionally, there are a few non-registered ones, which can be found by looking for implementations of the Key interface.
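Added example (not part of the issue and not securesystemslib code): one way to locate the hardcoded strings this issue wants replaced is to walk a module's AST and report registry strings that appear outside upper-case constant definitions. The function name `find_hardcoded`, the constant-naming convention and the sample source are assumptions made for illustration; the string sets are copied from the excerpt above.

```python
import ast

# Key type and scheme strings copied from the registry excerpt in the issue.
KEY_TYPES = {"ecdsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ed25519", "rsa", "sphincs", "dsa", "eddsa"}
SCHEMES = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ed25519",
           "rsassa-pss-sha224", "rsassa-pss-sha256", "rsassa-pss-sha384",
           "rsassa-pss-sha512", "rsa-pkcs1v15-sha224", "rsa-pkcs1v15-sha256",
           "rsa-pkcs1v15-sha384", "rsa-pkcs1v15-sha512", "sphincs-shake-128s",
           "pgp+rsa-pkcsv1.5", "pgp+dsa-fips-180-2", "pgp+eddsa-ed25519"}
KNOWN = KEY_TYPES | SCHEMES


def find_hardcoded(source, filename="<constructed>"):
    """Return sorted (line, literal) pairs for registry strings that are
    used directly instead of through a module-level UPPER_CASE constant."""
    tree = ast.parse(source, filename=filename)
    # Literals on the right-hand side of `UPPER_CASE = ...` at module level
    # are the constant definitions themselves and are not reported.
    allowed = set()
    for node in tree.body:
        if isinstance(node, ast.Assign) and all(
            isinstance(t, ast.Name) and t.id.isupper() for t in node.targets
        ):
            allowed.update(id(n) for n in ast.walk(node.value))
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and node.value in KNOWN and id(node) not in allowed):
            hits.append((node.lineno, node.value))
    return sorted(hits)


# Constructed sample module (hypothetical names, not library code).
SAMPLE = '''\
KEYTYPE_RSA = "rsa"
SCHEME_ED25519 = "ed25519"

def verify(key, sig, data):
    if key.keytype == "rsa" and key.scheme == "rsassa-pss-sha256":
        return _verify_rsa(key, sig, data)
    if key.scheme == SCHEME_ED25519:
        return _verify_ed25519(key, sig, data)
    raise ValueError("unsupported scheme")
'''

if __name__ == "__main__":
    for line, literal in find_hardcoded(SAMPLE):
        print(f"line {line}: hardcoded {literal!r}")
```

Matching is by exact string only, so short values such as "rsa" or "dsa" can be flagged in unrelated contexts and need a manual look.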

@lukpueh
Member Author

lukpueh commented Jun 2, 2023

The 3 original key types are already defined as constants in init, which are only used in securesystemslib.interface. I suggest to deprecate them in favour of constants defined in the signer sub-package.

@lukpueh lukpueh added the contribfest Issues for KubeCon EU contribfest label Mar 14, 2024
lukpueh added a commit to lukpueh/securesystemslib that referenced this issue May 2, 2024
These feel a bit lost in the package-level namespace and are also
only a subset of the key types supported in the signer API.

Let's exclude them from the 1.0.0 API, and think of a suitable place
when addressing secure-systems-lab#593.

The patch also refactors an internal usage of one of the constants.
Externally, they seem to be only imported (but unused) in in-toto, which
is prepared for breaking changes in securesystemslib.

Signed-off-by: Lukas Puehringer <[email protected]>