Riccardo Schirone

icon company Trail of Bits icon location Milano icon location Passionate about Security, CTF player with fuffateam, member of Codejitsu CGC team

Results 276 comments of Riccardo Schirone

Add support for ED25519ph for sign/verify(-blob) commands

@haydentherapper good call on the rekord vs hashedrekord issue! Currently there are problems indeed and with this change we can't verify rekord types with ed25519 keys ``` # generate the...

Add support for ED25519ph for sign/verify(-blob) commands

What do you think about this solution? ```diff diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go index b7d15e2c..17627188 100644 --- a/pkg/cosign/verify.go +++ b/pkg/cosign/verify.go @@ -19,6 +19,7 @@ import ( "context" "crypto" "crypto/ecdsa" + "crypto/ed25519"...

Add support for ED25519ph for sign/verify(-blob) commands

> This is also blocked by Fulcio support, correct? Either we'll need to be OK with Fulcio certifying ed25519ph keys as ed25519 (my preference), or fork x509.go > > edit:...

Add support for ED25519ph for sign/verify(-blob) commands

Closing in favour of https://github.com/sigstore/cosign/pull/4050 and https://github.com/sigstore/cosign/pull/3497 .

re-deployments of buttercup break Signoz login

@srikanthccv since you mentioned it, you might be interested in having a look

re-deployments of buttercup break Signoz login

> I'm unable to fully test this without API keys for the complete environment setup. What do you mean by this? To make the whole system work you only need...