Refactor key handling #96
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
| m.keys[role] = make([]*data.Key, 0) | ||
| func (m *memoryStore) SavePrivateKey(role string, key *signed.PrivateKey) error { | ||
| if _, ok := m.signers[role]; !ok { | ||
| m.signers[role] = make([]signed.Signer, 0) |
There was a problem hiding this comment.
Is the explicit make necessary?
There was a problem hiding this comment.
Nope, it shouldn't be.
|
LGTM |
- Don't mix private and public key structs, use a separate struct for private keys. - Only store public keys in database used for signature verification. - Use crypto.Signer interface instead of providing private keys directly when signing. - Don't make as many assumptions about using Ed25519 keys everywhere. - Ignore unknown key types when populating the public key database. Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
titanous
force-pushed
the
refactor-keys
branch
from
489eade
to
47aba77
Compare
lebauce
pushed a commit
to lebauce/go-tuf
that referenced
this pull request
Jul 26, 2021
theupdateframework#96 and ECDSA support added in theupdateframework#98
rdimitrov
pushed a commit
to rdimitrov/go-tuf
that referenced
this pull request
Jan 25, 2024
…eframework#96) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.18.0. - [Commits](golang/crypto@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
rdimitrov
pushed a commit
that referenced
this pull request
Jan 29, 2024
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.18.0. - [Commits](golang/crypto@v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the first step towards supporting ECDSA keys and signing via PKCS11.
golang.org/x/crypto/ed25519package instead ofgithub.com/agl/ed25519.for private keys.
verification.
crypto.Signerinterface instead of providing private keysdirectly when signing.
everywhere.
I've tested that keys generated with the previous implementation can be decoded and used by this refactored code (there is no change in the serialized data structures).