Skip to content

fix(attestations): avoid DSSE sig double encoding #1833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 19, 2025
Merged

fix(attestations): avoid DSSE sig double encoding #1833

merged 4 commits into from
Feb 19, 2025

Conversation

jiparis
Copy link
Member

@jiparis jiparis commented Feb 19, 2025

This PR ensures Signatures are not base64 encoded twice. It's backwards compatible with current attestations.

Fixes #1832

@jiparis
ensure dsse signatures are not encoded twice
1a51cd1 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
fix double encoding in DSSE sig
a5b7bf5 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis jiparis requested review from javirln and migmartri February 19, 2025 09:11
@jiparis
add missing file
102f1aa 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis
add comment
8849f5f 
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis jiparis merged commit bfa42fe into chainloop-dev:main Feb 19, 2025
13 checks passed
@jiparis jiparis deleted the pfm-2470-1832 branch February 19, 2025 09:53
jiparis added a commit to jiparis/chainloop that referenced this pull request Feb 19, 2025
@jiparis
Revert "fix(attestations): avoid DSSE sig double encoding (chainloop-…
6c968d0 
…dev#1833)"

This reverts commit bfa42fe.

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
migmartri pushed a commit that referenced this pull request Feb 19, 2025
@jiparis
Revert "fix(attestations): avoid DSSE sig double encoding (#1833)" (#…
2abed48 
…1836)

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@javirln javirln javirln approved these changes

@migmartri migmartri Awaiting requested review from migmartri

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: signatures in DSSE envelopes are base64 encoded twice

2 participants

@jiparis @javirln