Clarify key ID is a digest over SPKI (#73)

* Clarify key ID is a digest over PKIX encoding The comment said the DER encoding, which is not what RFC6962 specifies. We noted in root-signing that trusted_root.json's key IDs were over the DER encoding of the key, rather than the SubjectPublicKeyInfo structure, which is the raw key and an OID. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Update wording Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> --------- Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
sigstore · Apr 14, 2023 · b6d2576 · b6d2576
1 parent 4dbf10b
commit b6d2576
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py
diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto
@@ -85,8 +85,9 @@ message MessageSignature {
 // LogId captures the identity of a transparency log.
 message LogId {
         // The unique id of the log, represented as the SHA-256 hash
-        // of the log's public key, computed over the DER encoding.
-        // <https://www.rfc-editor.org/rfc/rfc6962#section-3.2>
+        // of the log's public key, calculated over the DER encoding
+        // of the key represented as SubjectPublicKeyInfo.
+        // See https://www.rfc-editor.org/rfc/rfc6962#section-3.2
         bytes key_id = 1 [(google.api.field_behavior) = REQUIRED];
 }