Skip to content

Commit

Permalink
Use ValidatePubKey from sigstore/sigstore
Browse files Browse the repository at this point in the history 
This improves RSA, ECDSA, and ED25519 (no-op) validation for imported keys.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
  • Loading branch information
@haydentherapper
haydentherapper committed Mar 28, 2022
1 parent a1781eb commit 8c7caaf
Show file tree
Hide file tree
Showing 4 changed files with 180 additions and 49 deletions.
9 changes: 6 additions & 3 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ require (
github.com/secure-systems-lab/go-securesystemslib v0.3.1
github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7
github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3
github.com/sigstore/sigstore v1.1.1-0.20220324220036-a3f98177f3b0
github.com/sigstore/sigstore v1.2.1-0.20220328200116-ef48ee800626
github.com/spf13/cobra v1.4.0
github.com/spf13/viper v1.10.1
github.com/spiffe/go-spiffe/v2 v2.0.0
Expand Down Expand Up @@ -128,7 +128,7 @@ require (
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/ReneKroon/ttlcache/v2 v2.11.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
github.com/aws/aws-sdk-go v1.43.24 // indirect
github.com/aws/aws-sdk-go v1.43.27 // indirect
github.com/aws/aws-sdk-go-v2 v1.14.0 // indirect
github.com/aws/aws-sdk-go-v2/config v1.14.0 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.9.0 // indirect
Expand Down Expand Up @@ -210,17 +210,19 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/hashicorp/vault/api v1.4.1 // indirect
github.com/hashicorp/vault/api v1.5.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect
github.com/jhump/protoreflect v1.9.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.14.2 // indirect
github.com/leodido/go-urn v1.2.1 // indirect
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
Expand Down Expand Up @@ -259,6 +261,7 @@ require (
github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
Expand Down
Loading

0 comments on commit 8c7caaf

Please sign in to comment.