-
Hi,
I want to do code signing for Azure Gov App service.
I see below error below while using Azure DevOps with Azure Gov US certificate.
"Confidential Client is not supported in Cross Cloud requ…
-
I realize it may be a bit early to review the draft, but I gave it a read and had some comments and questions.
- How/where is this intended to be used? Some elements seem useful to conveying a (po…
-
**Description**
With the current spec, a client specifies how many SETs and how many timestamps are expected. The current implementation expects that every timestamp that is present is verifiab…
-
[...]
There's a bigger question though: is this CBOR tst-info something that we can define in isolation? Or should it be more proper to do a full COSE translation of RFC3161?
_Originally posted…
-
* **Version**: 1.8.4
* **Target**: Windows 8
Hi I'm using electron-builder to make a .exe and it fails at signing "Zipier Desktop.exe".
The command its using to sign is:
```…
-
**Description**
The current documentation on using KMS to store certificates https://github.com/sigstore/timestamp-authority#cloud-kms is somewhat unclear on what needs to be done, and possibly les…
-
**Description**
The existing cosign attach command does not support passing RFC3161Timestamp response from TSA as an argument. The cosing attach command should be enhanced to support attachment of …
-
**What are you trying to do?**
https://github.com/adoptium/temurin-build/blob/1faf3ecc4903b2f562af15b28c15bff97f46c675/sign.sh#L66
serverTimestamp.properties
```
comodaca=http://timestamp.como…
-
I am attempting to automate Code signing from our bamboo server. Everything seems to work well when remotely logged into the machine using this command:
`java -jar C:\Users\USER\jsign-4.1.jar --key…
-
I would like to propose a standard bundle output format for Sigstore clients. The user journey we're targeting is "I can sign an artifact in client X and verify it in client Y".
This has come up a …