sigstore-rs
sigstore-rs copied to clipboard
sigstore
An experimental Rust crate for sigstore
**Description** As identified in #274: this client should support the bundle format defined in [protobuf-specs](https://github.com/sigstore/protobuf-specshttps://github.com/sigstore/protobuf-specs) for both signing and verification! This will also unblock integration with the conformance suite, which...
#### Summary This allows for either an exact match [StringVerifier::ExactMatch] or it allows for a regular expression [StringVerifier::Regex] This supports the use case of trusting signatures from a collection of...
**Description** In the `cosign` binary you can use `--certificate-identity-regexp` and `--certifcate-oidc-issuer-regex` to provide a regular expression for identity (email) or issuer. It would be great if we can do this...
Hello sigstore-rs devs! ## Description This is a tracking issue for conformance testing between this client implementation and other Sigstore clients, similar to https://github.com/sigstore/sigstore-java/issues/236 and https://github.com/sigstore/sigstore-python/issues/297. The rough idea here:...
In the [Sigstore clients special interest group](https://github.com/sigstore/sig-clients) [meeting today](https://docs.google.com/document/d/1PNbBZSG3QC8hWVYBx6YDppaXwmSLDfx7t66ECaGa8y4/edit#heading=h.amx8uup2nogs), we discussed an [issue with the release signatures on CPython](https://github.com/sigstore/sigstore-python/issues/600). We have two recommendations for client libraries: 1. After signing, the...
**Description** When verifying a signature passed via a file, trailing newlines are not sanitized. Using the [`verify_blob`](https://github.com/sigstore/sigstore-rs/blob/main/src/cosign/mod.rs#L163-L174) API with a signature file generated by sigstore-python, [`verify_signature`](https://github.com/sigstore/sigstore-rs/blob/main/src/crypto/verification_key.rs#L263-L267) fails with ``` Error:...
## Introduction I think the cosign API could be improved at a number of places. I already gave [some feedback on the cosign API](https://github.com/sigstore/sigstore-rs/issues/274#issuecomment-1607010911) in #274: Toggle for previous feedback....
#### Summary Updates sigstore.rs to use the latest Fulcio API v2 to request certs. This required a change in the structures used to send the request because the payload changed...
**Description** Similiar like golang-cosign, KMS plugins are needed to support to sign/verify the signatures of the images. A well-defined modular structure of code is needed.
A lot of the examples reference `COSIGN_EXPERIMENTAL=1`, which is no longer required, and they also may need extra flags, ex. `--certificate-identity` for `cosign verify-blob`.
