You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Don''t have the resolution just yet, but opening this to track
COSIGN_EXPERIMENTAL=1 go run cmd/cosign/main.go sign -fulcio-server http://127.0.0.1:5555 ghcr.io/lukehinds/sigstore-test-three:latest
Generating ephemeral keys...
Retrieving signed certificate...
Your browser will now be opened to:
https://oauth2.sigstore.dev/auth/auth?access_type=online&client_id=sigstore&code_challenge=dH3cg1zLx7XIsreUP79k9zYDU_-BJuPBkr8zaV_8QZI&code_challenge_method=S256&nonce=1vqTxBpal7N6wZiPE13kAjUtMa2&redirect_uri=http%3A%2F%2Flocalhost%3A5556%2Fauth%2Fcallback&response_type=code&scope=openid+email&state=1vqTx4qnjHmmOASyiY15WY8kIB8
warning: uploading to the transparency log at https://rekor.sigstore.dev for a private image, please confirm [Y/N]: Y
tlog entry created with index: 11028
Pushing signature to: ghcr.io/lukehinds/sigstore-test-three:sha256-568999d4aedd444465c442617666359ddcd4dc117b22375983d2576c3847c9ba.sig
COSIGN_EXPERIMENTAL=1 go run cmd/cosign/main.go verify ghcr.io/lukehinds/sigstore-test-three:latest
error: no matching signatures:
x509: certificate specifies an incompatible key usage
exit status 1
The text was updated successfully, but these errors were encountered:
lukehinds
pushed a commit
to lukehinds/fulcio
that referenced
this issue
Jul 26, 2021
There was an issue with invalid key types when verifying
cosign signed registry sigs with a fulcio cert generated using
the fuclio createca command
This PR makes the resulting createca generated cert have partity
to GCA generated certs
The result is a HSM / createca root cert can be used to both sign
and verify registry entries
Resolves: sigstore#150
Signed-off-by: Luke Hinds <lhinds@redhat.com>
There was an issue with invalid key types when verifying
cosign signed registry sigs with a fulcio cert generated using
the fuclio createca command
This PR makes the resulting createca generated cert have partity
to GCA generated certs
The result is a HSM / createca root cert can be used to both sign
and verify registry entries
Resolves: #150
Signed-off-by: Luke Hinds <lhinds@redhat.com>
Don''t have the resolution just yet, but opening this to track
The text was updated successfully, but these errors were encountered: