
Support more digest algorithms

Open phbelitz opened this issue 2 years ago • 2 comments

Describe the feature

Connaisseur only supports sha256 as a digest algorithm. It's hard-coded in many parts of the code. Multiple digest algorithms should be supported.

Dec 23 '22 10:12 phbelitz

Are such image references really used, or is this a hypothetical use case?

Dec 23 '22 11:12 peterthomassen

@peterthomassen I just came across one while trying to validate Docker images from Jetstack (like cert-manager); they use SHA512: https://cert-manager.io/docs/installation/code-signing/#container-images--cosign

and I get this error from Connaisseur:

CONNAISSEUR rejected a request: The trust_root type <class 'connaisseur.trust_root.RSAKey'> is unsupported for a validator of typecosign. (not denied due to DETECTION_MODE)

Jun 14 '23 21:06 reneeckstein
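
The feature requested in this issue, sketched as an added example (not Connaisseur's code): parsing `name@algorithm:hex` image references against an allow-list of digest algorithms instead of a hard-coded `sha256`. The allow-list (sha256 and sha512, the two algorithms registered in the OCI image spec), the function names and the sample reference are assumptions of this example.

```python
import hashlib
import hmac
import re

# Allow-list with the expected hex length per algorithm (assumption of this
# example: only the two algorithms registered by the OCI image spec).
ALGORITHMS = {"sha256": 64, "sha512": 128}
DIGEST_RE = re.compile(r"(?P<algo>[a-z0-9]+):(?P<hex>[a-f0-9]+)")


class DigestError(ValueError):
    """Raised for malformed digests and algorithms outside the allow-list."""


def parse_digest(digest: str) -> tuple:
    """Split 'algo:hex'; reject unknown algorithms and wrong lengths."""
    match = DIGEST_RE.fullmatch(digest)
    if not match:
        raise DigestError(f"malformed digest: {digest!r}")
    algo, hex_value = match["algo"], match["hex"]
    if algo not in ALGORITHMS:
        raise DigestError(f"unsupported digest algorithm: {algo}")
    if len(hex_value) != ALGORITHMS[algo]:
        raise DigestError(f"wrong length for {algo}: {len(hex_value)}")
    return algo, hex_value


def split_image_reference(image: str) -> tuple:
    """Return (name, algo, hex) for a reference of the form name@algo:hex."""
    name, sep, digest = image.rpartition("@")
    if not sep or not name:
        raise DigestError(f"no digest in image reference: {image!r}")
    return (name, *parse_digest(digest))


def verify_content(content: bytes, digest: str) -> bool:
    """Recompute the digest with the algorithm it names, compare in constant time."""
    algo, expected = parse_digest(digest)
    actual = hashlib.new(algo, content).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample data, not taken from any real registry.
SAMPLE_MANIFEST = b'{"schemaVersion": 2}'
SAMPLE_REF_512 = (
    "registry.example/app:1.0@sha512:" + hashlib.sha512(SAMPLE_MANIFEST).hexdigest()
)
```

Keeping the algorithm name next to the hex value through the whole validation path means a sha512 reference is never compared against a sha256 digest of the same content.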