Add endpoint for hash algorithm used during signing.
Description
Today the public key can be retrieved via the API. For signature algorithms that rely on a hash function, the hash function used cannot be retrieved via the API. The current Rekor CLI assumes the hash function is SHA-256: https://github.com/sigstore/rekor/blob/main/cmd/rekor-cli/app/log_info.go#L190
Also, if the signing algorithm used is RSA, PKCS1 1.5 is assumed: https://github.com/sigstore/sigstore/blob/d59ee8fee91d9e1e1f5aeae9347a69ff3439ea29/pkg/signature/verifier.go#L45 This information should also be available via the API.
When relying on TUF for key distribution, those parameters should of course preferably be part of the TUF metadata.
> When relying on TUF for key distribution, those parameters should of course preferably be part of the TUF metadata.
I think we should probably just require that these parameters be distributed out-of-band always; otherwise, it feels like an attack vector (I can MITM the connection to Rekor, tell you to use CRC32, and forge signatures).
> I think we should probably just require that these parameters be distributed out-of-band always;
Yes, that is of course the best. I was a bit puzzled as the public key is available via the API, but not the parameters.
Makes sense.
Yeah, I think it's fair to want either both or neither, and maybe we should prefer neither.
> and maybe we should prefer neither.
Yes, as that will not foster unsafe behaviour. For testing where the default is to use an in-memory generated key-pair, there has to be a way to extract the key at least. But there are other ways than via the API. Maybe one way is to not expose the endpoint for retrieving the public key, and require an explicit parameter to expose it (for local testing).
Closing - Decision is that this should be provided out of band
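
The decision reached in this thread, as an added Go example that is not part of the original discussion and is not Rekor or sigstore code: the verifier takes the hash and RSA padding only from a pinned, out-of-band record, so a tampered API response can cause a rejection but never select a weaker algorithm. `Params`, `Verify`, `ErrMismatch` and `demo` are hypothetical names, the advertised-parameters response is an assumed API shape, and MD5 stands in for the weak hash a man-in-the-middle might advertise.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Params: verification parameters; the pinned copy is assumed to arrive out of band (e.g. TUF metadata).
type Params struct {
	Hash    crypto.Hash
	Padding string // "pkcs1v15" or "pss"
}
var ErrMismatch = errors.New("advertised parameters differ from pinned ones")

// Verify uses only pinned; advertised (hypothetical API response, may be nil) can only cause rejection.
func Verify(key *rsa.PublicKey, pinned Params, advertised *Params, msg, sig []byte) error {
	if advertised != nil && *advertised != pinned {
		return ErrMismatch
	}
	if !pinned.Hash.Available() {
		return fmt.Errorf("pinned hash %v is not linked into this binary", pinned.Hash)
	}
	h := pinned.Hash.New()
	h.Write(msg)
	switch pinned.Padding {
	case "pkcs1v15":
		return rsa.VerifyPKCS1v15(key, pinned.Hash, h.Sum(nil), sig)
	case "pss":
		return rsa.VerifyPSS(key, pinned.Hash, h.Sum(nil), sig, nil)
	}
	return fmt.Errorf("unknown pinned padding %q", pinned.Padding)
}

// demo (constructed data): normal verification, downgraded advertisement, padding unlike the signer's.
func demo() (ok, downgrade, wrongPad error) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key for the example
	msg := []byte("constructed checkpoint body")
	d := sha256.Sum256(msg)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	pin := Params{crypto.SHA256, "pkcs1v15"}
	ok = Verify(&key.PublicKey, pin, nil, msg, sig)
	downgrade = Verify(&key.PublicKey, pin, &Params{crypto.MD5, "pkcs1v15"}, msg, sig)
	wrongPad = Verify(&key.PublicKey, Params{crypto.SHA256, "pss"}, nil, msg, sig)
	return
}
func main() { fmt.Println(demo()) }
```

The third case shows why the padding scheme has to be pinned alongside the hash: a valid PKCS#1 v1.5 signature does not verify under PSS, so a client guessing the scheme gets failures it cannot distinguish from tampering.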