tomaszkrzyzanowski closed 4 months ago
@cipherboy thanks for all the suggestions, the idea behind merging checkKeyType and wrapPrivateKey looks much more obvious right now 😅
I'm going to test out the EC keys during the weekend and leave feedback on whether they are working fine or require some more work :)
@cipherboy I tested the EC key-based signatures yesterday, and they don't work.
It fails to verify the Vault Transit signature on the notation CLI side right after signature creation - the plugin output is failing with:
Error: generated signature failed verification: signature is invalid. Error: crypto/ecdsa: verification error
But for now I have no clue why Vault would respond with a broken signature - probably something in the invocation of "SignWithTransit()" - I assumed that "signature_algorithm" should be empty for ECDSA (as the Vault Transit API docs say nothing about EC for that field).
So it seems like I'm stuck with this right now, and I'm not sure how I should approach solving it, or whether I should maybe remove the EC parts and deliver longer RSA only for now.
I've had a longer break, but I finally have time to tidy this up.
I'm going to provide a smaller PR just for longer RSA keys, as it blocks me from using the plugin in a project.
Closing as #23 contains a cleaned-up version
Closes #20
As @cipherboy suggested, I have created the code to support longer RSA and added support for ECDSA keys.
Looking forward to suggestions as I'm not very proficient in Go yet :)