Commit log (each entry: subject [tag]; author, date, files changed, lines -removed/+added; commit body where present)

* move issues to a common pad
  Rasmus Dahlberg, 2022-03-30, 2 files, -8/+0

* sign tree head using SSHSIG
  Linus Nordberg, 2022-03-25, 1 file, -8/+9

* change default signing algo to sha256
  Linus Nordberg, 2022-03-25, 2 files, -2/+2

* add issue
  Linus Nordberg, 2021-12-30, 1 file, -0/+3

* split armored ssh signature blob on column 70
  Linus Nordberg, 2021-12-09, 1 file, -2/+2

  This is what ssh-keygen -Y sign does.

* follow spec wrt tree head age
  Linus Nordberg, 2021-12-08, 2 files, -14/+5

  Allow for 10s of clock drift too. Bug reported by rgdd.

* added issue
  Rasmus Dahlberg, 2021-12-08, 1 file, -0/+10

* Merge branch 'main' of git.sigsum.org:sigsum-witness-py
  Linus Nordberg, 2021-12-08, 1 file, -0/+5

  * added issue about strict hex parsing (merged side branch)
    Rasmus Dahlberg, 2021-10-12, 1 file, -0/+5

* add tooling for signing
  Linus Nordberg, 2021-12-08, 5 files, -0/+252

  There's tools for key generation and conversion and there's tools for
  signing and verifying a tree leaf.

  Note that the leaf signing tools use the yet to be decided about SSH
  signing format, with message (i.e. signer's checksum) being hashed with
  SHA-512 to match SSH tooling (ssh-keygen -Y).

* we're sigsum now [tag v0.2.1]
  Linus Nordberg, 2021-09-14, 1 file, -0/+0

* s/siglog/sigsum/g
  Linus Nordberg, 2021-09-14, 1 file, -6/+10

  NOTE: default config directory is now ~/.config/sigsum-witness/

  Also, change default log endpoint to poc.sigsum.org.

* v0/get-consistency-proof don't return the sizes anymore [tag v0.2.0]
  Linus Nordberg, 2021-09-14, 1 file, -7/+7

* follow more API changes in v0.2.0
  Linus Nordberg, 2021-09-14, 1 file, -8/+9

  Signed Tree Heads binary format now contains a hash of the log pubkey.
  v0/add-cosignature takes cosignatures in 'cosignature='.

* signed tree head wire format doesn't include `key_hash` anymore
  Linus Nordberg, 2021-09-14, 1 file, -3/+1

* base url is now sigsum/v0
  Linus Nordberg, 2021-09-14, 1 file, -3/+3

* adapted README.md to use sigsum terminology
  Rasmus Dahlberg, 2021-06-24, 1 file, -1/+2

* added BSD 2-Clause License
  Rasmus Dahlberg, 2021-06-24, 1 file, -18/+19

* fixed copyright
  Rasmus Dahlberg, 2021-06-23, 1 file, -1/+1

* add README and LICENSE [tag v0.1.0]
  Linus Nordberg, 2021-06-16, 2 files, -0/+34

* rename files signed_tree_head and signing_key
  Linus Nordberg, 2021-06-16, 1 file, -7/+5

  NOTE: BREAKING COMPATIBILITY with old filenames

  To keep a config working after applying this change, do

    mv signed_tree_head signed-tree-head
    mv signing_key signing-key

  in the config directory.

* be explicit when we return None
  Linus Nordberg, 2021-06-16, 1 file, -0/+1

* don't fetch consistency proof when tree hasn't grown
  Linus Nordberg, 2021-06-16, 1 file, -1/+7

* use @properties in TreeHead
  Linus Nordberg, 2021-06-16, 1 file, -38/+50

* refactoring log history validation
  Linus Nordberg, 2021-06-16, 1 file, -63/+63

* fix --base-dir
  Linus Nordberg, 2021-06-16, 1 file, -10/+10

* validate tree heads harder
  Linus Nordberg, 2021-06-16, 1 file, -6/+37

  Disallow time travel, tree shrinkage, new tree hash for same sized
  tree, new tree size with same tree hash.

  Consider an STH seen iff all three attributes -- timestamp, size,
  hash -- are identical.

* a too old or too new tree head is not an error
  Linus Nordberg, 2021-06-16, 1 file, -4/+5

  We return !0 for critical errors that need human intervention. Let's
  consider a stale log and a log with a bad clock an intermittent and
  non critical error for now.

  We might want to change requirements on logs to separate freshness
  from clock skew. We should reconsider the severeness of those errors
  if that change happens.

* don't sign a tree head that's too old or too far in the future
  Linus Nordberg, 2021-06-15, 1 file, -12/+26

* be less permissive of --bootstrap-log
  Linus Nordberg, 2021-06-15, 1 file, -0/+4

  The rationale behind not allowing --bootstrap-log and
  --generate-signing-key when they don't make any difference is that it
  should be impossible to use them in scripts that run multiple times
  since they're meant for manual "bootstrapping" procedures.

  Another reason is that they require user intervention but not until
  specific conditions arise (tree head missing, keyfile missing) which
  may happen only "after some time". Failing early is helpful.

* don't generate signing key just like that
  Linus Nordberg, 2021-06-15, 1 file, -17/+44

  Given the importance of sane entropy and other operational security
  issues, it makes sense to require --generate-signing-key and user
  intervention to generate signing keys.

  For automated tests and deployment, a key can be pre-generated by
  other means.

* handle empty response
  Linus Nordberg, 2021-06-15, 1 file, -1/+2

* readability: more explanatory variable names
  Linus Nordberg, 2021-06-03, 1 file, -18/+18

* remove spurious assignment
  Linus Nordberg, 2021-06-03, 1 file, -1/+0

* readability
  Linus Nordberg, 2021-06-03, 1 file, -1/+2

* get the logic for --bootstrap-log right
  Linus Nordberg, 2021-06-03, 1 file, -57/+93

* error handling cleaned up a bit
  Linus Nordberg, 2021-06-03, 1 file, -70/+98

  Also, create base_dir in time, if it doesn't exist.

  Also also, set permission on base_dir when creating it.

* disallow the short form for --bootstrap-log
  Linus Nordberg, 2021-06-03, 1 file, -1/+1

  Since it's devastating to the value of the signature to not require a
  consistency proof, make it less likely that it's done inadvertently.

* exit with error if uploading the signature fails
  Linus Nordberg, 2021-06-03, 1 file, -13/+15

  Also, make the code that is doing hex encoding in ASCII more readable
  by splitting up hashing and signing on the one side and hex encoding
  and converting bytes to ASCII on the other.

* implement witness
  Linus Nordberg, 2021-06-02, 1 file, -0/+341

  First stab, rough edges, unstable interfaces, will break things, you
  don't want to use it.