
Support for rsa, rsa-x509 and ecdsa-x509 on targets keys

Open victorfrancax1 opened this issue 3 years ago • 3 comments

Hey guys,

We're implementing connaisseur at our company, and we noticed that it doesn't support the use of rsa, rsa-x509 or ecdsa-x509 keys, only ecdsa, in delegation roles, which correspond to targets in Notary's key hierarchy. Is there any particular reason for that?

Our understanding is that these should be supported, since it's stated in Content Trust's official tutorial that both cryptosystems could be used. The example in the documentation not only uses rsa, but its x509 form, in order to add the signer.

If this is something that cannot be implemented right now, I think it would be nice if connaisseur's documentation had this information stated somewhere. We had to manually compare our targets.json with targets_schema.json to find what we were doing wrong when trying to verify a signature.

Thanks in advance!

victorfrancax1, Mar 05 '21 22:03
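The manual comparison described in the post above can be scripted. This is an added example, not part of the original thread and not Connaisseur's own code: it lists the delegation keys in a Notary `targets.json` whose `keytype` is outside a supported set. The supported set (`ecdsa` only) is taken from the issue text, the function name is hypothetical, and the sample document is constructed with placeholder key IDs and key material.

```python
import json

# Per the issue text, only "ecdsa" delegation keys were accepted at the time.
SUPPORTED_KEYTYPES = {"ecdsa"}

def unsupported_delegation_keys(targets_doc, supported=SUPPORTED_KEYTYPES):
    """Return [(key_id, keytype, [role names])] for delegation keys
    whose keytype is not in `supported` (hypothetical helper)."""
    delegations = targets_doc.get("signed", {}).get("delegations") or {}
    keys = delegations.get("keys") or {}
    roles = delegations.get("roles") or []
    findings = []
    for key_id, key in sorted(keys.items()):
        keytype = key.get("keytype")
        if keytype in supported:
            continue
        # Name the delegation roles that rely on this key, so the report
        # says which signer has to be re-keyed.
        used_by = sorted(r.get("name", "?") for r in roles
                         if key_id in (r.get("keyids") or []))
        findings.append((key_id, keytype, used_by))
    return findings

# Constructed sample in the layout of a Notary targets.json; key IDs and
# public values are placeholders, not real key material.
SAMPLE_TARGETS = json.loads("""
{"signed": {"_type": "Targets", "version": 3, "targets": {},
  "delegations": {
    "keys": {
      "aaa111": {"keytype": "ecdsa", "keyval": {"public": "PLACEHOLDER"}},
      "bbb222": {"keytype": "rsa-x509", "keyval": {"public": "PLACEHOLDER"}},
      "ccc333": {"keytype": "ecdsa-x509", "keyval": {"public": "PLACEHOLDER"}}},
    "roles": [
      {"name": "targets/releases", "keyids": ["aaa111", "bbb222"], "threshold": 1},
      {"name": "targets/alice", "keyids": ["ccc333"], "threshold": 1}]}},
 "signatures": []}
""")

if __name__ == "__main__":
    for key_id, keytype, used_by in unsupported_delegation_keys(SAMPLE_TARGETS):
        print(f"{key_id}: keytype {keytype!r} not supported, used by {used_by}")
```
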

Hi there! Thank you very much for the issue.

The reason we don't support rsa, rsa-x509 and ecdsa-x509 (yet) is because the default key generation using Docker Content Trust only uses ecdsa and we didn't anticipate someone using other means of creating the keys. But that doesn't mean it has to stay that way! We'll gladly look into the issue and roll out a new release, supporting the new key types at some later time.

If you want, you can also prepare a pull request to speed things up. I'd be very excited to see one! Cheers.

phbelitz, Mar 10 '21 10:03

Also mentioned in #246.

xopham, Aug 11 '21 10:08

@phbelitz Is the support for RSA rolled out?

MageshSrinivasulu, Feb 20 '23 07:02

With the release 3.4.0, support for all TUF key types through the Go notary package was added.

Starkteetje, Mar 15 '24 17:03