This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Scope Keygrip usage #4882

Closed
ianb opened this issue Sep 12, 2018 · 0 comments
ianb commented Sep 12, 2018

Per Bug 1389708, we shouldn't let you sign something for one purpose, then use the same thing for another purpose. To do this we'll use different Keygrip instances, and different secret keys.

This is instead of #4840

ianb added this to the Sprint 21 (64-2) milestone Sep 12, 2018
ianb self-assigned this Sep 12, 2018
ianb added a commit that referenced this issue Sep 12, 2018
This adds signing 'scopes', so that if you get something signed for one scope, you can't use it for another scope. E.g., you can't get a download URL and use that for an authentication key.

This keeps the 'legacy' scope, which is the current single key. This can be used now to make sure everything works when people upgrade, but removed later as people have used to the new specific scopes. But nothing new will be signed with the legacy scope once this is deployed.

This also updates some functions to use async/await.
ianb closed this as completed in 429a593 Sep 17, 2018
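
The scoping described in this issue, as an added example that is not the project's code: each scope gets its own secret, a signature only verifies in the scope that produced it, and the legacy key is accepted for verification but never used to sign. Node's built-in HMAC-SHA256 stands in for the per-scope Keygrip instances; the scope names, key strings and function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed sample secrets. A deployment would load a distinct random
// secret (or rotation list) per scope from configuration.
const SCOPE_KEYS = new Map([
  ["download-url", ["constructed-download-secret"]],
  ["auth", ["constructed-auth-secret"]],
  ["legacy", ["constructed-legacy-secret"]], // verify-only
]);

function hmac(key, data) {
  return crypto.createHmac("sha256", key).update(data).digest("hex");
}

// Constant-time comparison; the length check avoids timingSafeEqual throwing.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// New signatures always use the first key of a named, non-legacy scope.
function signInScope(scope, data) {
  if (scope === "legacy" || !SCOPE_KEYS.has(scope)) {
    throw new Error(`cannot sign in scope: ${scope}`);
  }
  return hmac(SCOPE_KEYS.get(scope)[0], data);
}

// Returns the name of the scope whose key matched, or null.
// allowLegacy accepts signatures issued before scopes existed.
function verifyInScope(scope, data, sig, { allowLegacy = false } = {}) {
  if (scope === "legacy" || !SCOPE_KEYS.has(scope)) return null;
  const candidates = allowLegacy ? [scope, "legacy"] : [scope];
  for (const name of candidates) {
    const keys = SCOPE_KEYS.get(name);
    if (keys.some((k) => safeEqual(hmac(k, data), sig))) return name;
  }
  return null;
}
```

A caller that sees `"legacy"` returned can re-issue the value under the specific scope, which makes it possible to measure when the legacy key is no longer needed.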