Need some more detail on Key Format

[sandeep-at-ibm]

Hi, I am following ths doc here: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-signing-service-signature-key&interface=ui to work with a signing service. Getting this error:

asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:356 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}  @4

I am looking for the following details to see if my Signing Service can be configured properly:

• a sample certificate, if you can, so we can get an idea about the format for the Public Key
• which Elliptic Curve format must be used by the Signing Service to generate the Keys?

[TiffanyLiIBM]

Hi @marco - Any idea on who we can work with for this? Thanks!

[clhgithubfree]

The only signature key type supported for a signing service is P521 ECC. That is documented at: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-signing-service-signature-key.

The signing service must support two functions: 1) return the public part of a signature key, 2) sign the provided data. The expected format of the public key is also documented in the referenced web page.

There was a bug in how CLI uses the signing service. Make sure the customer has the latest version of the TKE CLI plug-in installed (version 1.4.1).

[sandeep-at-ibm]

Thanks @clhgithubfree for the update. Will try with the new TKE-plugin v1.4.1. For now, this issue can be closed.