Importing RSA and EC keypairs #1050
Conversation
|
Looks like DCO is missing! You'll need to use the |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
venafi-iw
force-pushed
the
rsa-import
branch
from
8db9819
to
c55d69e
Compare
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
There was a problem hiding this comment.
Overall, it looks in a good direction, but I wonder how this fits the broader codebase (I think there's a lot of possibly repeated code).
I also feel there are a couple of minor fix/tweaks that may be making the code slightly harder to review. I wonder if we could split those into a smaller PR...
| } | ||
| fmt.Fprintln(os.Stderr) | ||
| fmt.Fprint(os.Stderr, "Enter password for private key again: ") | ||
| pw2, err := term.ReadPassword(0) |
There was a problem hiding this comment.
I'm not entirely fond of pw2 when this should be a confirmation. I'm not sure what the golang guidelines are for variable naming, but maybe something more explicit would make the code more readable.
There was a problem hiding this comment.
Ok, I can update the variable to something more explcit such as confirmpw
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
pkg/cosign/keys.go
Outdated
|
|
||
| } | ||
|
|
||
| func MarshallKeyPair(keypair Key, pf PassFunc) (*Keys, error) { |
There was a problem hiding this comment.
nit: spelling MarshalKeyPair
There was a problem hiding this comment.
could you share this code with GenerateKeyPair? and given that it's only called within this function, maybe it should be made private.
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
There was a problem hiding this comment.
Sorry for the delay, taking a review! Could you check on the test failures as well?
? github.com/sigstore/cosign/pkg/blob [no test files]
--- FAIL: TestImportPrivateKey (0.12s)
keys_test.go:158: unexpected error importing key: parsing error
FAIL
Also, running and committing the change from go run -tags pivkey,pkcs11key,cgo ./cmd/help/ will fix the doc gen CI check
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
|
Your code suggestion doesn't compile. |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
Was hoping you would take away the gist of what I was saying. I pulled your branch and completed it for you: |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
|
ImportKeyPair function updated. |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
|
cc @lukehinds @dlorenc do you want to give this a merge? LGTM just want a final pass in case I'm missing something cosign-style-y |
looks goof from a cursory view, but there are a quite a few CI failures. |
|
Yeah looks like a merge conflict somewhere, otherwise should be good to go. |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
|
@dlorenc Made some code updates and looks good for next steps. |
|
This looks good to me, there's one more conflict though :( Once that gets fixed i'll merge right away so you don't keep getting hit! |
Signed-off-by: Ivan Wallis <ivan.wallis@venafi.com>
|
Conflict resolved |
|
Thanks for dealing with all the delays and merge conflicts! |
| ### Sign a container with imported keypair | ||
|
|
||
| ```shell | ||
| $ cosign sign --key import import-cosign.key dlorenc/demo |
There was a problem hiding this comment.
this import is needed?
or should be just cosign sign --key import-cosign.key dlorenc/demo ?
There was a problem hiding this comment.
documentation needs to be updated as it should be:
cosign sign --key import-cosign.key dlorenc/demo
Summary
This PR provides support for importing RSA and EC keypairs that were generated using 3rd party utilities such as OpenSSL. Imported keypairs are converted to Cosign keypairs.
Ticket Link
This PR is in relation to #549
Release Notes
import-key-pair