yaml signing failing : unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY

[rakrup]

Description

I am getting an error when I am attempting to sign a YAML with the kubectl plugin.

Steps to reproduce the error

1. Created a cosign key pair using the generate command
2. installed kubectl signore plugin
3. Tried to sign a sample yaml using the command mentioned below.

Error :

kubectl sigstore sign -f simple_deploy.yaml -k cosign.key --tarball=no
Enter password for private key:
Using payload from: /var/folders/rc/bbc3zv_x51x0ly86x7899bdc0000gn/T/kubectl-sigstore-temp-dir2446365628/tmp-blob-file
FATA[0001] error occurred during signing: failed to sign the specified content: failed to sign a blob file: cosign.SignBlobCmd() returned an error: reading key: unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY

Version

Cosign version GitVersion: 2.0.1 GitCommit: 8faaee4d2b5f65678eb0831a8a3d5990a0271d3a GitTreeState: "clean" BuildDate: 2023-04-06T19:10:33Z GoVersion: go1.20.3 Compiler: gc Platform: darwin/amd64

kubectl version Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.4", GitCommit:"872a965c6c6526caa949f0c6ac028ef7aff3fb78", GitTreeState:"clean", BuildDate:"2022-11-09T13:36:36Z", GoVersion:"go1.19.3", Compiler:"gc", Platform:"darwin/amd64"}

sigstore version kubectl sigstore version {"Major":"0","Minor":"4","GitVersion":"v0.4.4","GitCommit":"unknown","GitTreeState":"unknown","BuildDate":"unknown","GoVersion":"go1.18.1","Compiler":"gc","Platform":"darwin/amd64"}

[lukehinds]

fyi @hirokuni-kitahara / @yuji-watanabe-jp

[yuji-watanabe-jp]

@rakrup we will check this issue.

[hirokuni-kitahara]

Hi @rakrup, thank you for reporting this issue! Now I have updated k8s-manifest-sigstore to support key pairs generated by cosign v2.x, and it has been released as v0.5.0 (link) Please try it out. Thank you :)

[rakrup]

@hirokuni-kitahara I tested out the v0.5.0 release. It works fine for signing the yaml manifests.