Closed lukpueh closed 7 months ago
related: #587
It's hard to tell when to mark this issue as resolved, but I would say that the public key metadata format has been revised. Realistically, there won't be many changes, given that past changes have been quite disruptive for users.
The good news is that the implementation is way better decoupled from the public key metadata format these days, which makes all of this easier to address.
I suggest to fix remaining concerns above all in docs, for which we have more reasonably scoped tickets. See inline...
Expected behavior:
'keyid'
- better decouple default keyids from keys, to allow the use of custom keyids, but with a canonical json computed keyid as fallback
done
- clarify if keyid is optional in the key object
The Key
interfaces requires a keyid
, the default serialization methods (to/from_dict
), however, do not include a keyid. Users can easily override this behavior.
Related issues: #416, #670
- Consolidate 'keytype', 'type', 'scheme', 'method', 'hashes' fields and values
The concerns about redundancy and semantic correctness of keytype/scheme pairs are still valid, however, changing the existing values is not worth the effort (see all the issues related to the ecdsa keytype change).
method
and hashes
are specific to the securesystemslib.gpg
subpackage, which is not part of the documented API. GPGKey
provides a compatibility layer, which uses keytype/scheme instead.
'keyval'
- consolidate values (see e.g. serialized rsa PEM vs. non-serialized rsa numbers)
The exact keyval
format is a detail of a specific Key
implementation. Despite inconsistency, the current formats for existing keytype/scheme pairs are unlikely to change for the reasons described above.
- clarify if 'private' field may be omitted or should be just empty for public keys
Private keys are now separated (Signer
) from public keys (Key
). This means that securesystemlsib no longer populates or uses a private
field.
- optional fields
The Key
interface supports de/serialization of unrecognised fields.
Related issues: #467, #587
- deprecate 'keyid_hash_algorithms'
done
- maybe consolidate 'validity_period' and 'expires'?
Removed from GPGKey, see GPGSigner.import_
docstring for background
Description of issue or feature request:
https://github.com/secure-systems-lab/securesystemslib/issues/251 discusses various consistency concerns related to securesystemslib (TUF/in-toto) cryptographic keys.
This is an attempt to carve (and flesh) out only those concerns related to the format of public keys as they appear in TUF/in-toto metadata, with the goal of a clear specification likely as part (or appendix) of the new signing-spec and its reference implementation in
securesystemslib
.Below in 'Current behavior' is an exhaustive list of available values for public keys as currently implemented in
securesystemslib
. This includes rsa, ecdsa, ed25519 and spx (WIP #169) keys generated withsecuresystemslib
, plus keys exported from a GnuPG keyring usingsecuresystemslib.gpg
or from a cryptographic token (e.g. HSM) usingsecuresystemslib.hsm
(WIP #229).Related concerns and calls for action are listed further below in 'Expected behavior'.
Current behavior:
Public key container (mandatory fields)
'keyid'
gpg
keys only)Note that 'keyid' is not part of the public key metadata format according to in-toto/TUF specifications and tuf reference implementation, but it is included in the in-toto reference implementation (see #251 PR description).
'keytype'
'scheme'
'type'
(
gpg
keys only, instead of 'keytype')'method'
(
gpg
keys only, instead of 'scheme')'hashes'
(
gpg
keys only, instead of 'scheme')'keyval'
'public'
gpg
(RFC4880)gpg
(RFC4880)gpg
(RFC4880)'private'
(NOTE: The 'private' portion is not directly relevant for this issue, as it must not be included in TUF/in-toto metadata. For the sake of completeness we still list the private key values that are currently kept internally in
securesystemslib
).Optional fields
Expected behavior:
'keyid'
Consolidate 'keytype', 'type', 'scheme', 'method', 'hashes' fields and values
'keyval'
optional fields