haskell / hackage-security

Hackage security framework based on TUF (The Update Framework)
http://hackage.haskell.org/package/hackage-security

Encoding is Base64 but TUF uses Hex #52

Open tekul opened 9 years ago

tekul commented 9 years ago

Just a minor question. When I run hackage-local, the encoding for keys and so on seems to all be in Base64, but the TUF spec shows everything as hex-encoded.

To avoid future compatibility issues (e.g. a generic Haskell TUF implementation which could be used by other repositories, not just Hackage, and might need to interact with other clients) might it not be better to use the same encoding?

edsko commented 9 years ago

The TUF spec says to use hex encoding for key IDs (and we do); it leaves the encoding for actual keys open (indeed, it leaves the entire public key algorithm open) -- I don't think it gives a specific format in which it expects keys. But if I'm wrong about that and it does specify a specific format for keys (in particular, for ED25519 keys) then yes, we should match it.

tekul commented 9 years ago

Yeah, it only seems to mention PEM format for RSA keys. It seems a bit of an omission though, since a client would then have to know the format in advance (or try multiple options).
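
The "try multiple options" problem raised in the last comment, as an added example that is not part of the original thread or of hackage-security: every even-length hex string whose length is a multiple of 4 is also valid Base64, so a client that guesses the encoding needs an out-of-band check such as the fixed 32-byte length of an Ed25519 public key. The function names and the sample key are assumptions made for illustration.

```python
import base64
import binascii

ED25519_PUBLIC_KEY_LEN = 32  # bytes; fixed by the Ed25519 algorithm


def candidate_decodings(text):
    """Return {encoding_name: raw_bytes} for every encoding that parses."""
    found = {}
    try:
        found["hex"] = bytes.fromhex(text)
    except ValueError:
        pass
    try:
        # validate=True rejects characters outside the Base64 alphabet
        found["base64"] = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        pass
    return found


def decode_ed25519_public(text):
    """Decode a key of unknown encoding; refuse unless exactly one fits."""
    fits = {name: raw for name, raw in candidate_decodings(text).items()
            if len(raw) == ED25519_PUBLIC_KEY_LEN}
    if len(fits) != 1:
        raise ValueError("cannot determine key encoding: %r" % sorted(fits))
    name, raw = next(iter(fits.items()))
    return name, raw


# Constructed sample: the same 32-byte value in both encodings.
RAW = bytes(range(32))
AS_HEX = RAW.hex()                                # 64 characters
AS_B64 = base64.b64encode(RAW).decode("ascii")    # 44 characters

if __name__ == "__main__":
    # The hex form parses under both encodings; only the length check
    # tells the 32-byte hex reading from the 48-byte Base64 reading.
    for label, raw in candidate_decodings(AS_HEX).items():
        print(label, len(raw))
    print(decode_ed25519_public(AS_HEX)[0], decode_ed25519_public(AS_B64)[0])
```

For a key type without a fixed length there is nothing to disambiguate on, which is why the encoding has to be stated by the format rather than inferred by the client.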