hackage-security icon indicating copy to clipboard operation
hackage-security copied to clipboard

Published 20 hours ago verified publisher icon haskell

Encoding is Base64 but TUF uses Hex

Open tekul opened this issue 10 years ago • 2 comments

Just a minor question. When I run hackage-local, the encoding for keys and so on seems to all be in Base64, but the TUF spec shows everything as hex-encoded.

To avoid future compatibility issues (e.g. a generic Haskell TUF implementation which could be used by other repositories, not just Hackage, and might need to interact with other clients) might it not be better to use the same encoding?

tekul avatar Jun 27 '15 20:06 tekul

The TUF spec says to use hex encoding for key IDs (and we do); it leaves the encoding for actual keys open (indeed, it leaves the entire public key algorithm open) -- I don't think think it gives a specific format in which it expects keys. But if I'm wrong about that and it does specify a specific format for keys (in particular, for ED25519 keys) then yes, we should match it.

edsko avatar Jun 27 '15 20:06 edsko

Yeah, it only seems to mention PEM format for RSA keys. It seems a bit of an omission though, since a client would then have to know the format in advance (or try multiple options).

tekul avatar Jun 27 '15 21:06 tekul