Open drauch opened 4 years ago
(Is RSASSA-PSS-SHA256 even supported or is Docker supporting the ECDSA-based method only?)
It's currently hardcoded to ECDSA - https://github.com/theupdateframework/notary/blob/master/client/client.go#L418
That's true for creating new signatures with the Notary framework, but how about verifying existing signatures? Does Docker Hub accept other signatures as well? E.g., RSA PKCS1 signatures?
According to https://github.com/theupdateframework/specification/blob/master/tuf-spec.md the TUF reference implementation only supports rsassa-pss-sha256, ed25519 and ecdsa-sha2-nistp256 - is this true for Notary, and especially for Docker Hub?
Is it possible to use RSA PKCS1 instead or are such signatures rejected?
Best regards, D.R.