sigstore / sigstore-conformance

Conformance testing for Sigstore clients
https://sigstore.dev

DSSE Signing Support #145

Open steiza opened 3 months ago

steiza commented 3 months ago

Description

When constructing a Sigstore bundle, you have to choose whether your content is going to be a Message Signature or a DSSE Envelope, which can then influence other things like whether your Rekor entry type is hashedrekord or DSSE.

Today, the conformance signing tests assume you're always using a Message Signature (we do have a verification test for bundles with a DSSE envelope).

To support this, we might need to modify the sign-bundle CLI protocol to include a boolean flag when you want a DSSE Envelope (sigstore-go's signing example uses --in-toto as often these are in-toto documents).

Depending on client support, we might also want to make these new DSSE signing tests opt-in to start.
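The distinction the issue draws between the two bundle content types comes down to what bytes get signed: a Message Signature is over the raw artifact (its SHA-256 digest), while a DSSE envelope signature is over the DSSE Pre-Authentication Encoding (PAE) of the payload type and payload. The following Go program is an added example, not code from sigstore-conformance or sigstore-go, showing both paths side by side and a verifier that rebuilds the PAE. It assumes an in-memory ECDSA P-256 key in place of a Fulcio-issued signing identity, omits `keyid` from the envelope, does no Rekor interaction, and uses a constructed in-toto Statement as sample input; the function and type names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Envelope is the DSSE envelope: payloadType, base64 payload, signatures over the PAE.
type Envelope struct {
	PayloadType string      `json:"payloadType"`
	Payload     string      `json:"payload"`
	Signatures  []Signature `json:"signatures"`
}
type Signature struct {
	Sig string `json:"sig"` // base64; keyid omitted in this example
}

// InTotoPayloadType is the DSSE payloadType for in-toto Statements.
const InTotoPayloadType = "application/vnd.in-toto+json"

// PAE is the DSSE Pre-Authentication Encoding, the bytes a DSSE signer signs:
// "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body
func PAE(payloadType string, payload []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s",
		len(payloadType), payloadType, len(payload), payload))
}

// GenerateKey returns an ECDSA P-256 key (a stand-in for a Fulcio-certified key; assumption of this example).
func GenerateKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// NewEnvelope wraps a payload and an existing signature without re-signing.
func NewEnvelope(payloadType string, payload, sig []byte) *Envelope {
	return &Envelope{
		PayloadType: payloadType,
		Payload:     base64.StdEncoding.EncodeToString(payload),
		Signatures:  []Signature{{Sig: base64.StdEncoding.EncodeToString(sig)}},
	}
}

// SignMessage is the Message Signature path (pairs with hashedrekord): ECDSA over SHA-256 of the raw bytes.
func SignMessage(key *ecdsa.PrivateKey, artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// SignDSSE is the DSSE Envelope path (pairs with a dsse entry): ECDSA over SHA-256 of the PAE.
func SignDSSE(key *ecdsa.PrivateKey, payloadType string, payload []byte) (*Envelope, error) {
	digest := sha256.Sum256(PAE(payloadType, payload))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	return NewEnvelope(payloadType, payload, sig), nil
}

// VerifyDSSE rebuilds the PAE from the envelope fields and returns the decoded
// payload if any signature verifies over it.
func VerifyDSSE(pub *ecdsa.PublicKey, env *Envelope) ([]byte, error) {
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(PAE(env.PayloadType, payload))
	for _, s := range env.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if err == nil && ecdsa.VerifyASN1(pub, digest[:], sig) {
			return payload, nil
		}
	}
	return nil, fmt.Errorf("dsse: no signature verifies over the PAE")
}

// SampleStatement is a constructed in-toto Statement (sample data, not a real attestation).
func SampleStatement() []byte {
	b, _ := json.Marshal(map[string]any{
		"_type":         "https://in-toto.io/Statement/v1",
		"subject":       []map[string]any{{"name": "artifact.tar.gz", "digest": map[string]string{"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}}},
		"predicateType": "https://example.com/sample-predicate/v1",
		"predicate":     map[string]any{"note": "constructed sample"},
	})
	return b
}

func main() {
	key, err := GenerateKey()
	if err != nil {
		panic(err)
	}
	env, err := SignDSSE(key, InTotoPayloadType, SampleStatement())
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(env, "", "  ")
	fmt.Println(string(out))
}
```

The useful check for a conformance test is the negative case: a signature produced on the Message Signature path over the very same payload bytes must be rejected by a DSSE verifier, because the PAE framing (including `payloadType`) is part of the signed input. That is also why a client cannot silently switch content types without the Rekor entry type and the verifier's expectations changing with it.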