Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot load cosign generated key pairs with empty password #380

Closed
gmpinder opened this issue Aug 4, 2024 · 2 comments · Fixed by #381
Closed

Cannot load cosign generated key pairs with empty password #380

gmpinder opened this issue Aug 4, 2024 · 2 comments · Fixed by #381
Labels
bug Something isn't working

Comments

@gmpinder
Copy link
Contributor

gmpinder commented Aug 4, 2024

Description

I've been working on integrating this crate into my CLI program and I ran into a situation where pem files generated by the cosign tool with an empty password couldn't be loaded.

COSIGN_PASSWORD="" COSIGN_YES="true" cosign generate-key-pair

I was getting Failed to parse the key: Unsupported key type, so I dug into why that was and found that the keys were being processed differently if the password had no length. Since the cosign CLI tool appears to allow the use of an empty password, then I believe that this should change to be in parity.

Version
0.9.0
@gmpinder gmpinder added the bug Something isn't working label Aug 4, 2024
This was referenced Aug 4, 2024
Merged
Merged
@gmpinder
Copy link
Contributor Author

gmpinder commented Sep 5, 2024

@flavio any possibility to get this out in a v0.9.1 patch?

@flavio
Copy link
Member

flavio commented Sep 6, 2024

I can't, the release is stuck because we're waiting for awslabs/tough#769 to be merged and for a new version of the tough crate to include it 😭

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Allow empty passwords for encrypted pem files gmpinder/sigstore-rs
2 participants
@flavio @gmpinder