Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for PKCS#8 #1130

Merged
merged 4 commits into from
Jul 25, 2017
Merged

Support for PKCS#8 #1130

merged 4 commits into from
Jul 25, 2017

Commits on Jul 25, 2017

  1. Add functionality to convert and parse PKCS#8 key 

    Hard forked package pkcs8 package from https://github.com/youmark/pkcs8 package.
It has been further modified based on the requirements of Notary. For converting
keys into PKCS#8 format, original package expected *crypto.PrivateKey interface,
which then type inferred to either *rsa.PrivateKey or *ecdsa.PrivateKey depending
on the need and later converted to ASN.1 DER encoded form, this whole process was
superfluous here as keys are already being kept in ASN.1 DER format wrapped in
data.PrivateKey structure. With these changes, package has became tightly coupled
with notary as most of the method signatures have been updated. Moreover support
for ED25519 keys has been added as well.

Signed-off-by: Umayr Shahid <umayr.shahid@gmail.com>
    @umayr
    umayr committed Jul 25, 2017
    Configuration menu
    Copy the full SHA
    d89793e View commit details
    Browse the repository at this point in the history

  2. Update TUF utility functions to handle PKCS#8 keys 

    Signed-off-by: Umayr Shahid <umayr.shahid@gmail.com>
    @umayr
    umayr committed Jul 25, 2017
    Configuration menu
    Copy the full SHA
    3939e19 View commit details
    Browse the repository at this point in the history

  3. Add function to check if running in FIPS mode 

    Signed-off-by: Umayr Shahid <umayr.shahid@gmail.com>
    @umayr
    umayr committed Jul 25, 2017
    Configuration menu
    Copy the full SHA
    09f0e03 View commit details
    Browse the repository at this point in the history

  4. Add PKCS#8 support 

    There are two modes in which notary can run with. For FIPS mode, that
could be switched on by setting an environment variable `GOFIPS`, only
PKCS#8 keys are supported, any other type of key will throw an error.
In Non-FIPS mode, private encrypted keys are supported as well, however
all new keys that get generated, will be PKCS#8.

Signed-off-by: Umayr Shahid <umayr.shahid@gmail.com>
    @umayr
    umayr committed Jul 25, 2017
    Configuration menu
    Copy the full SHA
    c9c91a3 View commit details
    Browse the repository at this point in the history