Failed to sign with transparency log #2907
Comments
This comment was marked as off-topic.
@znewman01 Sorry, but I think I have a different issue from @axi92. I have no issues with the privacy prompt but one with the signing process failing as highlighted in my code snippet above:
Also shown in my bug report, I have indicated
Whoops, didn't read that very carefully. Sorry! This looks like an error in Rekor (the transparency log) validating the signature in the entry you're sending up to it. Can you give more details about the AWS KMS key you're using to sign? It may be that we don't recognize the key type.
Certainly, so we created an asymmetric AWS KMS key with the
At a glance, I believe this is because Rekor only supports sha256 currently, and this needs to be sha512. It’s unable to verify the signature that’s been uploaded because the digest that’s signed over would not be equal. I think there’s an open issue in the repo, but if not, feel free to open one.
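The digest mismatch described in the comment above, as an added example that is not part of the original thread and is not Rekor or Cosign code: a verifier that always hashes the payload with SHA-256 rejects a valid signature that was made over a SHA-512 digest. The P-521 key, the payload and all function names are assumptions for illustration; the key is generated locally rather than held in AWS KMS.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// digest hashes payload with SHA-512 when asked, otherwise with SHA-256.
func digest(h crypto.Hash, payload []byte) []byte {
	if h == crypto.SHA512 {
		d := sha512.Sum512(payload)
		return d[:]
	}
	d := sha256.Sum256(payload)
	return d[:]
}

// signWith models a signer whose key is configured for hash algorithm h.
func signWith(key *ecdsa.PrivateKey, h crypto.Hash, payload []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(h, payload))
}

// verifyWith models a verifier that always recomputes the digest with h.
func verifyWith(pub *ecdsa.PublicKey, h crypto.Hash, payload, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(h, payload), sig)
}

// Demo signs over a SHA-512 digest, then verifies the same signature twice:
// once with the matching hash and once with a SHA-256-only verifier.
func Demo() (bool, bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // assumed key type
	if err != nil {
		return false, false, err
	}
	payload := []byte("constructed sample payload")
	sig, err := signWith(key, crypto.SHA512, payload)
	if err != nil {
		return false, false, err
	}
	pub := &key.PublicKey
	return verifyWith(pub, crypto.SHA512, payload, sig), verifyWith(pub, crypto.SHA256, payload, sig), nil
}

func main() { fmt.Println(Demo()) }
```

The signature itself is valid; only the verifier's choice of hash makes it fail, which matches the symptom of local signing succeeding while the log upload is rejected.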
Yeah, that'll do it. Good catch. I think that as soon as we resolve sigstore/rekor#1299 this will just work in Cosign, so I'm going to close this as a dupe.
Thanks @haydentherapper and @znewman01 for taking a look at this. The signing/verification flow works without issues when using a
Description
We are using AWS KMS as our key store. Running the following command causes an error:
However, if we opt to use --tlog-upload=false flag, then no error is displayed.
Version