feat: adds sigstore-certificate-maker poc #4

Merged
merged 4 commits into from
Nov 11, 2024


ianhundere
Collaborator

closes #10

@github-actions github-actions bot added the go, documentation, docker, github_actions and build labels Nov 8, 2024
@ianhundere ianhundere force-pushed the feat/adds-poc-cert-maker branch from 1a27b0e to 58478e0 Compare November 9, 2024 00:53
@ianhundere ianhundere force-pushed the feat/adds-poc-cert-maker branch from 1e9c755 to ee5fadc Compare November 10, 2024 22:18
@amber-beasley-liatrio

running through the readme

make target "check" doesn't exist?

@ianhundere
Collaborator Author

ianhundere commented Nov 11, 2024

ah, i used the go template which was completely broken. you'll see that even with the first commit things didn't work, so i blew away most of it.

https://github.com/liatrio/sigstore-certificate-maker/actions/runs/11688873648

the primary thing here to review is main.go:

will move this to the following repos when i get a definitive answer from the sigstore community:

@amber-beasley-liatrio

amber-beasley-liatrio commented Nov 11, 2024

I got (switch smells correct)

openssl x509 -in intermediate.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN=https://blah.com
        Validity
            Not Before: Nov 10 13:14:09 2024 GMT
            Not After : Nov 10 13:14:09 2124 GMT
        Subject: O=Liatrio, CN=Intermediate CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:30:45:5f:a2:bb:23:c7:55:da:82:2c:a7:2f:9a:
                    f9:93:a5:f7:6e:b1:d9:a3:15:83:c2:31:36:3e:f6:
                    0e:0a:76:15:e9:70:f1:8c:49:ff:bd:e7:eb:4a:61:
                    8d:5a:f2:52:15:08:9e:0f:0a:72:77:b8:b8:7a:19:
                    17:e1:11:bc:e1
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                44:37:0E:93:7C:1E:98:19:66:D2:CA:29:62:F7:C0:F6:2D:91:9A:EF
            X509v3 Authority Key Identifier: 
                C3:18:CC:12:EC:9B:7E:E4:0A:3F:DB:7E:D9:97:F6:B5:2A:26:D4:64
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:45:02:20:72:1a:f6:3d:92:42:8c:90:10:0d:8b:f2:9c:01:
        36:89:39:50:84:0b:1e:c2:8b:27:d4:78:87:4e:7b:8d:77:be:
        02:21:00:bd:88:84:57:93:de:7b:0e:c1:e8:83:5f:73:8a:
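
The certificate printed above carries Key Usage `Certificate Sign` together with Basic Constraints `CA:FALSE`; RFC 5280 requires the cA flag whenever keyCertSign is asserted. The Go check below for that mismatch is an added example, not code from this pull request: `caFinding` and `checkPEM` are hypothetical names, and the sample in `main` is constructed from the extension values in that output.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
)

// caFinding reports a Key Usage / Basic Constraints mismatch (RFC 5280 4.2.1.3, 4.2.1.9), or "".
func caFinding(c *x509.Certificate) string {
	certSign := c.KeyUsage&x509.KeyUsageCertSign != 0
	isCA := c.BasicConstraintsValid && c.IsCA
	switch {
	case certSign && !isCA:
		return "keyCertSign asserted but Basic Constraints is missing or CA:FALSE"
	case isCA && !certSign:
		return "CA:TRUE but keyCertSign not asserted in Key Usage"
	}
	return ""
}

// checkPEM parses the first PEM block in data as a certificate and checks it.
func checkPEM(data []byte) (string, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE PEM block found")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	return caFinding(c), nil
}

func main() {
	// Constructed sample: only the extension values shown in the output above.
	sample := &x509.Certificate{KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, BasicConstraintsValid: true, IsCA: false}
	fmt.Println("sample:", caFinding(sample))
	if len(os.Args) == 2 { // optional: also check a PEM certificate file, e.g. intermediate.pem
		data, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		fmt.Println(checkPEM(data))
	}
}
```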

@ianhundere ianhundere merged commit f27fdc5 into main Nov 11, 2024
3 checks passed
@ianhundere ianhundere deleted the feat/adds-poc-cert-maker branch November 11, 2024 14:02
Successfully merging this pull request may close these issues.

spike/poc: cert create/kms-sign using smallstep's crypto library