-
Sigstore has an RFC 3161 TSA now, and signers can request a TSR from it while signing.
During signing, this would probably look like:
1. Doing signing as normal;
2. Submitting a timestamp requ…
-
**Description:** We want to provide end users with OS images and installation procedure allowing them to deploy PiRogue in a virtual environment (VM, cloud...). One of the direct implication is suppor…
U039b updated
1 month ago
-
We need to add an additional field on each signature that allows us to embed signature of that signature from permitted time stamping authorities.
Word soup, I know.
Basically we need to send a …
-
**Is your feature request related to a problem? Please describe.**
There is no way to mark the Extended Key Usage as critical in Vault.
**Describe the solution you'd like**
An option to mark Exte…
-
**Description**
Currently, sigstore-java is all-in-one, so users can't select the bits they need, and the dependency surface might become an issue.
For instance, generating Sigstore Bundle requi…
-
**Description**
Signing and verifying an artifact with a legacy-format bundle with a disconnected timestamp file works:
```
$ go run cmd/cosign/main.go sign-blob /tmp/blob -y --bundle /tmp/bl…
-
This is a spinoff of #929 , following up the first batches of type fixes in various PRs. The following files are reported to contain type issues according to `pyright` with Python 3.10:
- [ ] `keyl…
-
Hi,
Thank you very much for documenting how to save timestamps that can be validated by openssl ts. I wonder, is it possible to use this library to go the other way, ie validate timestamps generat…
-
In our dev call today the idea of _trusted timestamps_: https://en.wikipedia.org/wiki/Trusted_timestamping
This would be a great addition to proving that a dataset was created at a specific point i…
-
according to [RFC3161 sec 2.3](https://tools.ietf.org/html/rfc3161#section-2.3) when signing a certificate for a time stamping usage, the extended key usage `Time Stamping` must be `critical`.
> id…