yahoo-eng-team team mailing list archive
Message #47253
[Bug 1513973] Re: Add support for additional signature types

Reviewed:  https://review.openstack.org/248237
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=a40e24460800c08f84b5f62c248cb00e61f4ee50
Submitter: Jenkins
Branch:    master

commit a40e24460800c08f84b5f62c248cb00e61f4ee50
Author: Dane Fichter <dane.fichter@xxxxxxxxxx>
Date:   Fri Feb 26 13:31:40 2016 -0800

    Add support for DSA signatures

    Previously, only RSA-PSS signatures were supported for signature
    verification in Glance. This patch adds support for verifying Digital
    Signature Algorithm signatures, including unit tests.

    Change-Id: I856399b6d28cf078aad2e280829671ffca85f533
    Closes-Bug: #1513973

** Changed in: glance
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1513973

Title:
  Add support for additional signature types

Status in Glance:
  Fix Released

Bug description:
  Currently, the only supported signature type for image signature
  verification [1] is RSA-PSS, although the signature type used is
  configurable.

  It would be advantageous to support multiple types of signatures
  beyond just RSA-PSS. For one, different types of signatures become
  out of date with time (for example, PKCS1v15 is no longer recommended
  for new applications). Also, the signature length is currently
  limited to 255, which limits RSA-PSS signatures to having a 1024-bit
  key, which is less than the minimum recommended key size for RSA.
  Elliptic Curve signatures, on the other hand, could fit into the 255
  limit while still using a recommended key size.

  This lite spec is for the addition of verification support for two
  additional signature types: DSA and Elliptic Curve.

  Note that this support was discussed during the Tokyo Summit [2] and
  it was decided that it should be tracked as a lite spec.

  [1] http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html
  [2] https://etherpad.openstack.org/p/mitaka-glance-image-signing-and-encryption

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1513973/+subscriptions
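
The size argument in the bug description, worked through as an added example (not code from Glance or from the patch): it DER-encodes worst-case DSA and ECDSA signatures and compares raw and base64 lengths against the 255 limit. Assumptions: the limit applies to the stored base64 signature string, and the scheme list, worst-case values and helper names are constructed here.

```python
import base64

LIMIT = 255  # signature length limit quoted in the bug description


def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int(v):
    """DER INTEGER for v >= 0; a 0x00 pad is added when the top bit is set."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body


def dss_sig(r, s):
    """SEQUENCE { r INTEGER, s INTEGER }, the DSA/ECDSA signature encoding."""
    body = der_int(r) + der_int(s)
    return b"\x30" + der_len(len(body)) + body


def worst_case_sizes():
    """Map scheme -> (raw bytes, base64 chars) for the largest signature."""
    # An RSA-PSS signature is exactly as long as the modulus.
    raw = {f"RSA-PSS {bits}": bits // 8 for bits in (1024, 2048, 3072)}
    # Constructed worst case: r = s = 2**qbits - 1, an upper bound on any
    # value below the group order q.
    for name, qbits in (("DSA q=256", 256), ("ECDSA P-256", 256),
                        ("ECDSA P-384", 384), ("ECDSA P-521", 521)):
        top = (1 << qbits) - 1
        raw[name] = len(dss_sig(top, top))
    return {k: (n, len(base64.b64encode(bytes(n)))) for k, n in raw.items()}


def fits(scheme, limit=LIMIT):
    """True if the base64 form fits (assumed: the limit is on that string)."""
    return worst_case_sizes()[scheme][1] <= limit


if __name__ == "__main__":
    for scheme, (n, b64) in worst_case_sizes().items():
        print(f"{scheme:12} raw={n:4} base64={b64:4} fits={b64 <= LIMIT}")
```

The verdict is the same if the limit is read as raw bytes: a 2048-bit RSA signature is 256 bytes, one over the limit, while the largest P-521 signature is 139 bytes.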