
Feature: support standard public keys (with and without transparency logs)

Open: dlorenc opened this issue 3 years ago • 1 comment

Description

Signing with a fixed key is still sometimes the best answer, depending on availability and privacy tradeoffs. The transparency log was designed to help make this even safer.

I think sget should support verification based on public keys, in addition to the other methods. Rekor checks should be an option here too!

dlorenc, Dec 19 '21 03:12

Makes sense, the main driver for keyless policy was for a no-brainer UX, but a pub key could be utilised as well.

For Rekor there is a certain amount in sigstore-rs, I will try and take a look

https://github.com/sigstore/sigstore-rs/issues/16

lukehinds, Dec 19 '21 07:12