-
Notifications
You must be signed in to change notification settings - Fork 162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using SHA384 (or other) digests #1299
Comments
If I understand your question, I think you might be confusing the digest algorithm used to digitally sign the code signing certificate, which can differ from the digest algorithm used to generate the detached signature over the artifact (which we only support SHA256 right now for uploads to Rekor using the We could add other algorithms in the enum, and switch to using the requested algorithm during the validation on insert within Rekor. |
I think there are two aspects on this: a) If I choose SHA384 for the code signing certificate, why would I want to be limited to SHA256 for the blob?
From what I understand, this means that signing a digest of SHA256 with a key for P384, would reduce the security to 256 bits. And I guess this is why some implementations, like the ones from Rust Crypto, actually prevent you from doing this. |
This came up again - Someone was using ECDSA P-521 which requires sha512 |
For the blob, that's a little bit awkward—we stick the blobs in a Merkle tree using SHA256, so "extra" security for hashing the blob doesn't make theoretical sense. We also sign the entries using the Rekor public key, which uses SHA256. I guess the Rust Crypto philosophy (forbid you from accidentally doing something that reduces the security level) would say "you shouldn't be able to sign with anything stronger" and "you shouldn't be able to hash your blobs with anything stronger." However, I think in practice we do want to allow signatures using algorithms that use SHA384/SHA512; we had a request over at Cosign for this: sigstore/cosign#2907 |
Using Fulcio, it is possible to request different key (and digest) configuration. ECDSA256 with SHA256, but also ECDSA384 with SHA384 (among others).
However, in Rekor it seems that it is only possible to store SHA256 hashes:
rekor/pkg/types/hashedrekord/v0.0.1/hashedrekord_v0_0_1_schema.json
Lines 38 to 42 in 187df73
So my understanding, this limits using Fulcio to an ECDSA256/SHA256 configuration?
How it is possible to user other digest algorithms with Rekor?
The text was updated successfully, but these errors were encountered: