Skip to content

Commit

Permalink
Spx: Make SpxKey not part of default keyset
Browse files Browse the repository at this point in the history
Clients that want to enable SPHINCS keys can easily do that with
  KEY_FOR_TYPE_AND_SCHEME[("sphincs", "sphincs-shake-128s")]: SpxKey

This makes Spx and Sigstore behave similarly.
  • Loading branch information
jku committed Sep 1, 2023
1 parent e7f7c89 commit 936bc04
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion securesystemslib/signer/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@
}
)

# Signers with currently unstable metadata formats, not supported by default:
# SigstoreSigner,
# SpxSigner (also does not yet support private key uri scheme)

# Register supported key types and schemes, and the Keys implementing them
KEY_FOR_TYPE_AND_SCHEME.update(
{
Expand All @@ -54,9 +58,12 @@
("rsa", "rsa-pkcs1v15-sha256"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha384"): SSlibKey,
("rsa", "rsa-pkcs1v15-sha512"): SSlibKey,
("sphincs", "sphincs-shake-128s"): SpxKey,
("rsa", "pgp+rsa-pkcsv1.5"): GPGKey,
("dsa", "pgp+dsa-fips-180-2"): GPGKey,
("eddsa", "pgp+eddsa-ed25519"): GPGKey,
}
)

# Keys with currently unstable metadata formats, not supported by default:
# ("sphincs", "sphincs-shake-128s"): SpxKey,
# ("sigstore-oidc", "Fulcio"): SigstoreKey,

0 comments on commit 936bc04

Please sign in to comment.