Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pivkey: Change default slot to Signature (9c) #450

Merged
merged 1 commit into from
Jul 18, 2021
Merged

pivkey: Change default slot to Signature (9c) #450

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmd/cosign/cli/public_key.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func PublicKey() *ffcli.Command {
flagset = flag.NewFlagSet("cosign public-key", flag.ExitOnError)
key = flagset.String("key", "", "path to the private key file, public key URL, or KMS URI")
sk = flagset.Bool("sk", false, "whether to use a hardware security key")
slot = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
slot = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
outFile = flagset.String("outfile", "", "file to write public key")
)

Expand Down
2 changes: 1 addition & 1 deletion cmd/cosign/cli/sign.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ func Sign() *ffcli.Command {
key = flagset.String("key", "", "path to the private key file, KMS URI or Kubernetes Secret")
upload = flagset.Bool("upload", true, "whether to upload the signature")
sk = flagset.Bool("sk", false, "whether to use a hardware security key")
slot = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
slot = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
payloadPath = flagset.String("payload", "", "path to a payload file to use rather than generating one.")
force = flagset.Bool("f", false, "skip warnings and confirmations")
recursive = flagset.Bool("r", false, "if a multi-arch image is specified, additionally sign each discrete image")
Expand Down
2 changes: 1 addition & 1 deletion cmd/cosign/cli/sign_blob.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ func SignBlob() *ffcli.Command {
key = flagset.String("key", "", "path to the private key file or a KMS URI")
b64 = flagset.Bool("b64", true, "whether to base64 encode the output")
sk = flagset.Bool("sk", false, "whether to use a hardware security key")
slot = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
slot = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
idToken = flagset.String("identity-token", "", "[EXPERIMENTAL] identity token to use for certificate from fulcio")
output = flagset.String("output", "", "write the signature to FILE")
)
Expand Down
2 changes: 1 addition & 1 deletion cmd/cosign/cli/verify.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func applyVerifyFlags(cmd *VerifyCommand, flagset *flag.FlagSet) {
annotations := annotationsMap{}
flagset.StringVar(&cmd.KeyRef, "key", "", "path to the public key file, URL, KMS URI or Kubernetes Secret")
flagset.BoolVar(&cmd.Sk, "sk", false, "whether to use a hardware security key")
flagset.StringVar(&cmd.Slot, "slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
flagset.StringVar(&cmd.Slot, "slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
flagset.BoolVar(&cmd.CheckClaims, "check-claims", true, "whether to check the claims found")
flagset.StringVar(&cmd.Output, "output", "json", "output the signing image information. Default JSON.")

Expand Down
2 changes: 1 addition & 1 deletion cmd/cosign/cli/verify_blob.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ func VerifyBlob() *ffcli.Command {
flagset = flag.NewFlagSet("cosign verify-blob", flag.ExitOnError)
key = flagset.String("key", "", "path to the public key file, URL, or KMS URI")
sk = flagset.Bool("sk", false, "whether to use a hardware security key")
slot = flagset.String("slot", "", "security key slot to use for generated key (authentication|signature|card-authentication|key-management)")
slot = flagset.String("slot", "", "security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)")
cert = flagset.String("cert", "", "path to the public certificate")
signature = flagset.String("signature", "", "path to the signature")
)
Expand Down
2 changes: 1 addition & 1 deletion pkg/cosign/pivkey/util.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
func SlotForName(slotName string) *piv.Slot {
switch slotName {
case "":
return &piv.SlotAuthentication
return &piv.SlotSignature
case "authentication":
return &piv.SlotAuthentication
case "signature":
Expand Down