
Add tink package #2024

Merged
Hayden-IO merged 1 commit into sigstore:main from cmurphy:tink
Mar 11, 2025


@cmurphy cmurphy commented Mar 11, 2025

Copy in the tink package from Rekor v1 so that it can be used by other services.

Relates to sigstore/rekor-tiles#9

Summary

Release Note

Documentation

Copy in the tink package from Rekor v1 so that it can be used by other
services.

Signed-off-by: Colleen Murphy <colleenmurphy@google.com>

@Hayden-IO Hayden-IO left a comment


Should we copy in the code for GetPrimaryKey which initializes a Tink decrypter given a KMS key, and NewTinkSigner to decrypt a keyset given a key? https://github.com/sigstore/timestamp-authority/blob/1abfce06d86c2e78094ec537ddebc92c4f9a051b/pkg/signer/tink.go#L53-L100 (and tests)

There's a bit of deviation between NewTinkSigner across Fulcio, Rekor and the TSA. The TSA implementation looks to be the most up to date.


cmurphy commented Mar 11, 2025

> Should we copy in the code for GetPrimaryKey which initializes a Tink decrypter given a KMS key, and NewTinkSigner to decrypt a keyset given a key?

This isn't ideal for what we're trying to use it for in rekor; NewTinkSigner returns a crypto.Signer when what we need is a sigstore/sigstore/pkg/signature.Signer.


@Hayden-IO Hayden-IO left a comment


Sounds good. I guess GetPrimaryKey is also overkill since we only support GCP currently.

@Hayden-IO Hayden-IO merged commit c049f8d into sigstore:main Mar 11, 2025