Hey there. I'm currently working on a project where I'm trying to contact the Notary API to get some trust data about Docker images that is stored there. I want to verify the signature of this trust data on my own, with my local public keys, as a means to prevent man-in-the-middle attacks. I'm using the ecdsa Python library for the signature verification and everything works out fine, but I would like to switch to the cryptography library eventually, as it is way more powerful and uses OpenSSL as its backend. Unfortunately this doesn't work, as OpenSSL does not accept the signatures Notary provides. Apparently they are in a wrong format and are missing the ASN.1 frame around them. An exact example of what I'm trying to do can be found here. There you can see that the payload I'm trying to verify is data that comes from Notary. The answer by Nils Wisiol also further explains the whole OpenSSL problem.
My question/issue would be: can I somehow change the behavior of Notary to create proper signatures that are accepted by OpenSSL? Or are you planning on changing this behavior in the future? Some input from you guys on this matter would be appreciated.
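The missing ASN.1 frame described above can be added on the client before verification. The following is an added example, not part of the original issue and not Notary's own code. It assumes the signature is the fixed-width concatenation r || s, that the digest is SHA-256, and that `payload` is the exact byte string that was signed; all function names are hypothetical.

```python
import base64
# Added example. Assumptions: raw signature = fixed-width r || s, digest = SHA-256.

def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise (needed for P-521)."""
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc

def _der_int(value: int) -> bytes:
    """DER INTEGER: minimal big-endian, with room for a zero sign bit."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def raw_to_der(raw: bytes) -> bytes:
    """Wrap a fixed-width r||s signature in SEQUENCE { INTEGER r, INTEGER s }."""
    if not raw or len(raw) % 2:
        raise ValueError("raw ECDSA signature must be two equal-length halves")
    half = len(raw) // 2
    r = int.from_bytes(raw[:half], "big")
    s = int.from_bytes(raw[half:], "big")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + _der_len(len(body)) + body

def verify_raw(public_key, raw_sig_b64: str, payload: bytes) -> bool:
    """Verify a base64 raw signature with the cryptography library."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import ec
    try:
        public_key.verify(raw_to_der(base64.b64decode(raw_sig_b64)), payload,
                          ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False

def demo() -> bool:
    """Constructed round trip: sign locally, strip to r||s, verify, then tamper."""
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import ec
    from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature
    key = ec.generate_private_key(ec.SECP256R1())
    payload = b'{"signed":"constructed sample, not real trust data"}'
    r, s = decode_dss_signature(key.sign(payload, ec.ECDSA(hashes.SHA256())))
    raw = base64.b64encode(r.to_bytes(32, "big") + s.to_bytes(32, "big")).decode()
    pub = key.public_key()
    return verify_raw(pub, raw, payload) and not verify_raw(pub, raw, payload + b"x")
```

The cryptography library also ships `encode_dss_signature(r, s)` in `cryptography.hazmat.primitives.asymmetric.utils`, which produces the same DER bytes as `raw_to_der` once r and s have been split out.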