From 10b9b1bac6fd01c9f8043c54d18bd6fda534f205 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 7 Jun 2023 16:46:42 -0400
Subject: [PATCH] sign: switch to P-256 (#662)

This is faster than P-384, is well-supported, and is well within
security margins.

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 CHANGELOG.md     | 3 +++
 sigstore/sign.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a867b7db..c67decb7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -48,6 +48,9 @@ All versions prior to 0.9.0 are untracked.
   reducing the number of cryptographic operations and network roundtrips
   required when signing more than one input
   ([#645](https://github.com/sigstore/sigstore-python/pull/645))
+  
+* `sigstore sign` now uses an ephemeral P-256 keypair, rather than P-384
+  ([#662](https://github.com/sigstore/sigstore-python/pull/662))
 
 ### Fixed
 
diff --git a/sigstore/sign.py b/sigstore/sign.py
index 3750f0b7..eccaa8c6 100644
--- a/sigstore/sign.py
+++ b/sigstore/sign.py
@@ -127,7 +127,7 @@ def _private_key(self) -> ec.EllipticCurvePrivateKey:
         """Get or generate a signing key."""
         if self.__cached_private_key is None:
             logger.debug("no cached key; generating ephemeral key")
-            return ec.generate_private_key(ec.SECP384R1())
+            return ec.generate_private_key(ec.SECP256R1())
         return self.__cached_private_key
 
     def _signing_cert(