Traceback (most recent call last):
File "/home/ubuntu/.local/bin/scitt", line 11, in <module>
load_entry_point('pyscitt', 'console_scripts', 'scitt')()
File "/home/ubuntu/scitt-ccf-ledger/pyscitt/pyscitt/cli/main.py", line 42, in main
args.func(args)
File "/home/ubuntu/scitt-ccf-ledger/pyscitt/pyscitt/cli/sign_claims.py", line 211, in <lambda>
func=lambda args: sign_claims(
File "/home/ubuntu/scitt-ccf-ledger/pyscitt/pyscitt/cli/sign_claims.py", line 141, in sign_claims
signed_claims = kv_client.cose_sign(
File "/home/ubuntu/scitt-ccf-ledger/pyscitt/pyscitt/key_vault_sign_client.py", line 81, in cose_sign
tbs = create_cose_sign1_prepare(
File "/home/ubuntu/.local/lib/python3.8/site-packages/ccf/cose.py", line 143, in create_cose_sign1_prepare
alg = default_algorithm_for_key(cert.public_key())
File "/home/ubuntu/.local/lib/python3.8/site-packages/ccf/cose.py", line 96, in default_algorithm_for_key
raise NotImplementedError("unsupported key type")
NotImplementedError: unsupported key type
Expected behavior
The command should not complain and sign the payload
Describe the bug
Cannot use sign operation with an RSA key. The underlying cose signing operation does not support RSA it seems https://github.com/microsoft/CCF/blob/a58d2c880b3691211ed7fa68b684e1ef5bfabf4c/python/ccf/cose.py#L82
To Reproduce
az keyvault certificate download --vault-name $VAULTNAME -n $CERTNAME -f cabundle.pem -e PEM
Create AKV details json file for the CLI to use
akv-config.json
:claim-foobar.txt
Invoke the CLI to create a signature:
The failure:
Expected behavior The command should not complain and sign the payload