Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update key types #28

Merged
merged 1 commit into from
May 1, 2020
Merged

Update key types #28

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 13 additions & 7 deletions in-toto-spec.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# in-toto Specification

Oct 1, 2019
Mar 25, 2020

https://in-toto.io

Expand Down Expand Up @@ -473,7 +473,6 @@ All signed files (i.e., link and layout files) have the format:
"signed" : "<ROLE>",
"signatures" : [
{ "keyid" : "<KEYID>",
"method" : "<METHOD>",
"sig" : "<SIGNATURE>" },
"..."
]
Expand All @@ -482,8 +481,8 @@ All signed files (i.e., link and layout files) have the format:

Where, ROLE is a dictionary whose "\_type" field describes the metadata type (as
described in sections 4.3 and 4.4). KEYID is the identifier of the key signing
the ROLE dictionary. METHOD is the key signing method used to generate the
signature. SIGNATURE is a signature of the canonical JSON form of ROLE.
the ROLE dictionary. SIGNATURE is a signature of the canonical JSON form of
ROLE.

The current reference implementation of in-toto defines three signing methods,
although in-toto is not restricted to any particular key signing method, key
Expand All @@ -499,18 +498,22 @@ All keys have the format:

```json
{ "keytype" : "<KEYTYPE>",
"scheme" : "<SCHEME>",
"keyval" : "<KEYVAL>" }
```

where KEYTYPE is a string describing the type of the key, and how it is used to
sign documents. The type determines the interpretation of KEYVAL.
KEYTYPE is a string denoting a public key signature system, such as RSA or
ECDSA. SCHEME is a string denoting a corresponding signature scheme. For
example: "rsassa-pss-sha256" and "ecdsa-sha2-nistp256". KEYVAL is a dictionary
containing the public portion of the key.

We define two key types at present: 'rsa' and 'ed25519'.
We define three key types at present: 'rsa', 'ed25519', and 'ecdsa'.
adityasaky marked this conversation as resolved.
Show resolved Hide resolved

The 'rsa' format is:

```json
{ "keytype" : "rsa",
"scheme" : "rsassa-pss-sha256",
"keyval" : { "public" : "<PUBLIC>",
"private" : "<PRIVATE>" }
}
Expand All @@ -523,13 +526,15 @@ The elliptic-curve variants ('ed25519' and 'ecdsa') format are:

```json
{ "keytype" : "ed25519",
"scheme" : "ed25519",
"keyval" : { "public" : "<PUBLIC>",
"private" : "<PRIVATE>" }
}
```

```json
{ "keytype" : "ecdsa",
"scheme" : "ecdsa-sha2-nistp256",
"keyval" : { "public" : "<PUBLIC>",
"private" : "<PRIVATE>" }
}
Expand All @@ -542,6 +547,7 @@ object:

```json
{ "keytype" : "rsa",
"scheme" : "rsassa-pss-sha256",
"keyval" : { "public" : "<PUBLIC>"}
}
```
Expand Down