Metadata API: Add Key.from_securesystemslib_key()? #1458

Closed
jku opened this issue Jun 21, 2021 · 3 comments · Fixed by #1520

@jku
Member

jku commented Jun 21, 2021

I've been playing with repository code / metadata creation and this is a mistake that's a bit too easy to make:

```python
sslib_key = generate_ed25519_key()
key = Key.from_dict(sslib_key["keyid"], sslib_key) # key for public TUF metadata
signer = SSlibSigner(sslib_key) # signing key
```

This works just fine... and results in public metadata that includes your private key (TUF key doesn't handle the private key of course but we allow unrecognised fields in the format). Oops.

We should probably have a function for this use case: The securesystemslib key format might be opaque to us (can't be 100% sure what's in there) but I think in this case making some assumptions about that is better than allowing the above to happen.

So something like

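```python
def from_securesystemslib_key(key_dict: Dict[str, Any]):
    # Copy only the public part of keyval so the private key never reaches metadata
    return Key(
        key_dict["keyid"],
        key_dict["keytype"],
        key_dict["scheme"],
        {"public": key_dict["keyval"]["public"]},
    )
```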

?
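Added example, not part of the original issue and not python-tuf code: a standard-library sketch of the leak described above and a pre-publish check that flags any `keys` entry still carrying private key data. The sample key values are constructed dummies, the function names are hypothetical, and `naive_metadata_key` is a simplified model of passing the whole key dict through.

```python
import copy

# Constructed sample in the securesystemslib key-dict layout (dummy hex, not real keys).
SSLIB_KEY = {
    "keytype": "ed25519",
    "scheme": "ed25519",
    "keyid": "a" * 64,
    "keyval": {"public": "11" * 32, "private": "22" * 32},
}

def naive_metadata_key(key_dict):
    """Simplified model of the mistake: every field, keyval included, is kept."""
    return copy.deepcopy(key_dict)

def public_metadata_key(key_dict):
    """Hypothetical helper: rebuild the entry from the public fields only."""
    return {
        "keytype": key_dict["keytype"],
        "scheme": key_dict["scheme"],
        "keyval": {"public": key_dict["keyval"]["public"]},
    }

def _has_private(node):
    # A non-empty "private" field at any depth counts; empty placeholders do not.
    if isinstance(node, dict):
        return any((k == "private" and bool(v)) or _has_private(v) for k, v in node.items())
    if isinstance(node, list):
        return any(_has_private(v) for v in node)
    return False

def find_private_material(metadata):
    """Return the sorted keyids in signed.keys whose entry carries private key data."""
    keys = metadata.get("signed", {}).get("keys", {})
    return sorted(kid for kid, entry in keys.items() if _has_private(entry))

def build_root(entry):
    # Minimal root-like document; only the "keys" section matters for this check.
    return {"signatures": [], "signed": {"_type": "root", "keys": {SSLIB_KEY["keyid"]: entry}}}

if __name__ == "__main__":
    for name, make in (("naive", naive_metadata_key), ("public-only", public_metadata_key)):
        leaked = find_private_material(build_root(make(SSLIB_KEY)))
        print(f"{name}: {'BLOCK publish, private key in ' + leaked[0][:8] if leaked else 'ok'}")
```

Running `find_private_material` over serialized metadata before it is written to the repository turns the silent leak into a hard failure.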

@trishankatdatadog
Member

Very good point. Also making it clear in the function name itself whether you are also getting private or just public key.

@joshuagl joshuagl added backlog Issues to address with priority for current development goals good first issue Bite-sized items for first time contributors labels Jun 22, 2021
@avelichka
Contributor

I'd like to give it a try, pls :)

@sechkova sechkova added this to the weeks26-27 milestone Jun 23, 2021
@jku
Member Author

jku commented Jun 28, 2021

Actually `securesystemslib.keys.format_keyval_to_metadata(keytype, scheme, key_value, private=False)` probably does what we want? I think adding a helper still makes sense but it could call that instead of trying to parse `key_value` itself, and then I think the return value would be usable in `Key.from_dict(sslib_key["keyid"], sslib_key)`... It's still quite ugly but at least we wouldn't assume keyval contents.

@joshuagl joshuagl modified the milestones: weeks26-27, Sprint 4 Jul 7, 2021
@joshuagl joshuagl removed the backlog Issues to address with priority for current development goals label Jul 7, 2021
@joshuagl joshuagl modified the milestones: Sprint 4, Sprint 5 Jul 28, 2021
@jku jku modified the milestones: Sprint 5, Sprint 6 Aug 18, 2021
@jku jku closed this as completed in #1520 Aug 31, 2021