Closed lukpueh closed 3 weeks ago
Note: Tests fail because ssh-keygen refuses to consider world-readable signing keys. Since read permissions can't be checked into git, we'll need to fix this in test setup.
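One way to do that fix in test setup, as an added example that is not code from this PR or the project: copy the checked-in key fixtures into a temporary directory as owner-only files before handing their paths to ssh-keygen. The helper name `stageKeys` and the file names are hypothetical, and the permission check assumes a POSIX filesystem.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// stageKeys (hypothetical test helper) copies each regular file in srcDir
// into dstDir as an owner-only (0600) file and returns the staged paths.
func stageKeys(srcDir, dstDir string) ([]string, error) {
	entries, err := os.ReadDir(srcDir)
	if err != nil {
		return nil, err
	}
	var staged []string
	for _, e := range entries {
		if !e.Type().IsRegular() {
			continue // skip directories and symlinks
		}
		data, err := os.ReadFile(filepath.Join(srcDir, e.Name()))
		if err != nil {
			return nil, err
		}
		dst := filepath.Join(dstDir, e.Name())
		if err := os.WriteFile(dst, data, 0o600); err != nil {
			return nil, err
		}
		// WriteFile is subject to umask and keeps an existing file's mode.
		if err := os.Chmod(dst, 0o600); err != nil {
			return nil, err
		}
		// Fail early if group/other bits survived (assumes POSIX mode bits).
		if info, err := os.Stat(dst); err != nil || info.Mode().Perm()&0o077 != 0 {
			return nil, fmt.Errorf("%s is still group/world accessible", dst)
		}
		staged = append(staged, dst)
	}
	return staged, nil
}

func main() {
	root, _ := os.MkdirTemp("", "sshkeys")
	defer os.RemoveAll(root)
	dst := filepath.Join(root, "staged")
	os.Mkdir(dst, 0o700)
	// Constructed stand-in for a fixture as git checks it out (typically 0644).
	os.WriteFile(filepath.Join(root, "id_test"), []byte("constructed, not a key"), 0o644)
	paths, err := stageKeys(root, dst)
	fmt.Println(paths, err)
}
```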
This looks great! Left some comments from a first look.
Just pushed a bunch of code comments and renames (sorry for the force push). Let me fix lint and tests and mark it as ready for review.
I think we can work on integration with TUF metadata in a follow-up PR.
@adityasaky: IMO this is ready to be merged. I can create a ticket for testing encrypted ssh keys on Windows.
A Key struct, similar to tuf.Key, to be included in TUF metadata (not yet implemented), which implements the DSSE Verifier interface, to verify signatures created with Signer.
A Signer struct, which implements the DSSE Signer interface, to create signatures using ssh-keygen and a path to a key.
An Import function, to import a Key using ssh-keygen and a path to a key.

For signing and Key import, paths to either public or private, plaintext or encrypted, rsa, ecdsa or ed25519 keys are supported (akin to git's user.signingKey configuration).

Also adds basic smoke tests for the ssh package, and updates dsse tests to use this module.