Open tnytown opened 3 weeks ago
Hello! That’s great you’re trying it out. I’d love to support the other key types, but we haven’t needed them on Fuchsia so there hasn’t been a driving force for it yet.
My plan to support them was actually to try to migrate rust-tuf over to a generic signature trait like https://docs.rs/signature/latest/signature/ where end users can bring their own crypto library. I don’t think it’d be particularly hard to do, I just haven’t had cycles to do it yet. Would you or your team be interested in helping out with it?
Thanks for the quick response! Unfortunately, we (@trailofbits) are at the end of our current contract for sigstore-rs work. We'd be happy to work on this (and other Sigstore-related incompatibilities) when we get more funding, but that will probably take some time 😅 I just wanted to flag this issue for other users trying this library out with Sigstore.
Hey! Thanks for maintaining rust-tuf :) I'm trying this library out with the Sigstore TUF instance, evaluating if we can replace tough in our Sigstore client. One thing that I noticed is that it doesn't seem to accept Sigstore's root metadata, returning this error from Client::from_trusted_root:
I dug a little deeper and this may be related to the fact that Sigstore uses ECDSA keys. From my quick skim of the codebase, ECDSA key deserialization and ecdsa-sha2-nistp256 signatures don't seem to be implemented. Are there any plans to support this key type?