gittuf / gittuf

A security layer for Git repositories
https://gittuf.dev
Apache License 2.0

Add new ssh package based on `ssh-keygen` #414

Closed lukpueh closed 3 weeks ago

lukpueh commented 1 month ago

For signing and key import, paths to either public or private, plaintext or encrypted, rsa, ecdsa or ed25519 keys are supported (akin to git's user.signingKey configuration).

Also adds basic smoke tests for the ssh package, and updates dsse tests to use this module.

lukpueh commented 1 month ago

Note: Tests fail because ssh-keygen refuses to consider world-readable signing keys. Since read permissions can't be checked into git, we'll need to fix this in test setup.
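An added illustration of the two points above, not code from the gittuf PR: a small Go wrapper that reproduces the private-key permission check ssh-keygen applies before it builds the `ssh-keygen -Y sign` invocation, so a checked-out test key can be detected and tightened to 0600 in test setup. Function names and the "git" signing namespace are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
)

// ErrKeyTooOpen mirrors ssh-keygen's refusal to use a private key whose
// permission bits allow group or world access.
var ErrKeyTooOpen = errors.New("private key file is group- or world-accessible")

// CheckPrivateKeyPerms returns ErrKeyTooOpen when any group/other bit is set
// on keyPath, the condition under which ssh-keygen rejects the key.
func CheckPrivateKeyPerms(keyPath string) error {
	info, err := os.Stat(keyPath)
	if err != nil {
		return err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("%s: mode %04o: %w", keyPath, info.Mode().Perm(), ErrKeyTooOpen)
	}
	return nil
}

// SignArgs builds the ssh-keygen argument list that signs dataPath with the
// key at keyPath under namespace; ssh-keygen writes dataPath+".sig".
func SignArgs(keyPath, namespace, dataPath string) []string {
	return []string{"-Y", "sign", "-n", namespace, "-f", keyPath, dataPath}
}

// Sign refuses an over-permissive key up front (giving a clearer error than
// ssh-keygen's own) and then shells out to ssh-keygen to produce the signature.
func Sign(keyPath, namespace, dataPath string) error {
	if err := CheckPrivateKeyPerms(keyPath); err != nil {
		return err
	}
	out, err := exec.Command("ssh-keygen", SignArgs(keyPath, namespace, dataPath)...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("ssh-keygen: %v: %s", err, out)
	}
	return nil
}

func main() {
	// Constructed placeholder file standing in for a key checked out of git.
	key := os.TempDir() + "/constructed_test_key"
	_ = os.WriteFile(key, []byte("placeholder, not a real key\n"), 0o644)
	fmt.Println("before chmod:", CheckPrivateKeyPerms(key))
	_ = os.Chmod(key, 0o600) // the fix a test setup would apply
	fmt.Println("after chmod:", CheckPrivateKeyPerms(key))
}
```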

adityasaky commented 1 month ago

This looks great! Left some comments from a first look.

lukpueh commented 1 month ago

Just pushed a bunch of code comments and renames (sorry for the force push). Let me fix lint and tests and mark it as ready for review.

I think we can work on integration with TUF metadata in a follow-up PR.

lukpueh commented 3 weeks ago

@adityasaky: IMO this is ready to be merged. I can create a ticket for testing encrypted ssh keys on windows.

lukpueh commented 3 weeks ago

I can create a ticket for testing encrypted ssh keys on windows.

--> https://github.com/gittuf/gittuf/issues/422