rekor: Use checkpoint_key_id when possible · Issue #1364 · sigstore/sigstore-python

jku opened this issue May 5, 2025 · 0 comments
Labels
enhancement New feature or request

jku commented May 5, 2025

Description

sigstore/protobuf-specs#629

It seems that when we look up the correct keys in the trust root, we should use checkpoint_key_id if it is available and log_id only as a fallback.

Changes:

  • the rekor keyring is currently essentially a dict[keyid, PublicKey]: we need to track checkpoint_key_id as well -- I'm guessing it makes sense to store the whole RekorLog in the container, not just PublicKey
  • the checkpoint code currently calls RekorKeyring.verify() with a keyid argument: this needs to be redesigned a bit
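
A sketch of the keyring change described in this issue, as an added example that is not sigstore-python's code: `LogEntry`, `LogKeyring` and their methods are hypothetical names, and the sample ids are constructed. It assumes a checkpoint signature carries a 4-byte key hint that is matched against the start of the key id, and it only selects candidate logs without verifying any signature.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LogEntry:
    """Hypothetical stand-in for one transparency log from the trust root."""
    name: str
    log_id: bytes
    public_key: bytes  # opaque here: this sketch verifies no signatures
    checkpoint_key_id: Optional[bytes] = None

    @property
    def checkpoint_lookup_id(self) -> bytes:
        # Prefer checkpoint_key_id; log_id is only the fallback.
        return self.checkpoint_key_id or self.log_id


class LogKeyring:
    """Hypothetical keyring that stores whole log entries, not just keys."""

    def __init__(self, logs):
        self._by_log_id = {}
        self._by_checkpoint_id = {}
        for log in logs:
            if log.log_id in self._by_log_id:
                raise ValueError(f"duplicate log_id: {log.name}")
            if log.checkpoint_lookup_id in self._by_checkpoint_id:
                raise ValueError(f"duplicate checkpoint key id: {log.name}")
            self._by_log_id[log.log_id] = log
            self._by_checkpoint_id[log.checkpoint_lookup_id] = log

    def by_log_id(self, log_id):
        """Existing-style lookup, keyed by log_id."""
        return self._by_log_id.get(log_id)

    def for_checkpoint(self, key_hint):
        """Logs whose checkpoint id starts with the signature's key hint."""
        if len(key_hint) != 4:
            raise ValueError("key hint must be 4 bytes (assumed format)")
        return [log for cid, log in self._by_checkpoint_id.items()
                if cid.startswith(key_hint)]


# Constructed sample data: a log without checkpoint_key_id and a log whose
# checkpoint key id differs from its log_id.
LEGACY = LogEntry("legacy", bytes.fromhex("c0d23d6a" + "00" * 28), b"key-1")
SPLIT = LogEntry("split", bytes.fromhex("aa11bb22" + "00" * 28), b"key-2",
                 checkpoint_key_id=bytes.fromhex("0f1e2d3c"))
KEYRING = LogKeyring([LEGACY, SPLIT])
```

Once a log sets `checkpoint_key_id`, its `log_id` no longer selects it for checkpoint verification, so a hint that matches only the `log_id` returns no candidates.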