
Add keyless support (also with private fulcio/rekor instance) #1493

Open
pflaeging opened this issue Feb 5, 2024 · 3 comments
Labels
cosign (Issues regarding Cosign validator), enhancement (New feature or request)

Comments

@pflaeging (Contributor) commented Feb 5, 2024

It would be great to have working keyless support in connaisseur.

We made a strong effort to establish a system to roll out your own instance of fulcio and rekor (look at https://gitlab.opencode.de/ig-bvc/ag-sig/fulcio-rekor-rollout). This is a project for European public agencies to share secure containers.

I've tried to write down the assets to verify images with cosign (https://gitlab.opencode.de/ig-bvc/ag-sig/fulcio-rekor-rollout/-/blob/main/WhatIsNeededForVerify.md).

I've seen that the principal hooks inside connaisseur are there but empty (not implemented yet).

Can we start a discussion to implement it? There's example code for signing and verification in the repo above.

Thanks in advance

peter [email protected]

@phbelitz (Member) commented Feb 5, 2024

Hey @pflaeging! We definitely want to support keyless verification for cosign, but it might have to wait for a little bit. We are currently working on a golang rewrite of the code, and instead of doing the work twice (for python and go) it's better to do it just once.

We already made some efforts to support a private rekor instance in the go version, so the implementation should be easier there. We'll make an announcement once the golang version is ready, and then we'll tackle this issue.

Cheers.

phbelitz added the cosign and enhancement labels Feb 22, 2024
@pflaeging (Contributor, Author) commented:

Is there anything new in terms of keyless verification?

@phbelitz (Member) commented:

Unfortunately not. It's the next thing we'll be working on.

phbelitz added a commit that referenced this issue Jun 14, 2024
Adds support for keyless cosign verification. This feature allows users to verify images signed with cosign without the need for a public key.

fixes #1493
@phbelitz phbelitz mentioned this issue Jun 14, 2024