Skip to content

PGI spec: add supported algorithms section #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

PGI spec: add supported algorithms section #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f699be7
PGI spec: add supported algorithms section
woodruffw Apr 14, 2025
c2980eb
add TSA section
woodruffw Apr 15, 2025
9be1517
attempt to better document algorithm purposes
woodruffw Apr 15, 2025
aa54728
update algorithms
woodruffw Apr 15, 2025
e4ffb6b
clarify Rekor versions
woodruffw Apr 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 42 additions & 18 deletions algorithm-registry.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,51 @@ file **must** be reflected in the `PublicKeyDetails` enumeration in
[`sigstore_common.proto`] in [sigstore/protobuf-specs].

Sigstore clients aren't required to support all algorithms in this registry,
and **MAY** support algorithms that aren't in the registry. However,
compatibility with the Sigstore Public Good Instance requires support
for at least one of these algorithms.
and **MAY** support algorithms that aren't in the registry.

See [Spec: Sigstore Public Deployment](./sigstore-public-deployment-spec.md)
for the algorithms supported by Sigstore's public good instance.

## Algorithm Purposes

The following legend describes the purpose of each algorithm below.

| Symbol | Description | Example |
|--------|-------------| ------- |
| 🔑 | End-user signing (ephemeral or long-lived keys) | A user signing with [`cosign`] |
| 🔗 | TUF metadata signing | [sigstore/root-signing] |
| 🔏 | Certificate authority materials (CA chains) | [Fulcio] |
| 🪵 | Certificate transparency log materials (log keys and inclusion proofs) | Fulcio's [CT log] |
| ⏰ | Timestamp authority materials (TSA chains and signed timestamps) | [sigstore/timestamp-authority] |
| 📝 | Signature transparency log materials (log keys and inclusion proofs) | [Rekor] |
| 👀 | Witness keys and signatures | Third-party log witnesses |
Comment on lines +18 to +26
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Flagging: I added this legend to make the table below easier to follow, but I could also see it possibly making things more confusing (or too messy with the emojis); curious what others think!


[`cosign`]: https://github.com/sigstore/cosign
[sigstore/root-signing]: https://github.com/sigstore/root-signing/
[Fulcio]: https://github.com/sigstore/fulcio
[CT log]: https://github.com/sigstore/fulcio#certificate-transparency
[Rekor]: https://github.com/sigstore/rekor
[sigstore/timestamp-authority]: https://github.com/sigstore/timestamp-authority

## Signature Algorithms

| Algorithm | Name | Usage | Notes |
|-----------|----------------------------|-------------| -------------------------------------------------------------------------------- |
| RSA | rsa-sign-pkcs1-2048-sha256 | verify only | Not recommended. |
| | rsa-sign-pkcs1-3072-sha256 | sign/verify | |
| | rsa-sign-pkcs1-4096-sha256 | sign/verify | |
| | rsa-sign-pss-2048-sha256 | verify only | Not recommended. |
| | rsa-sign-pss-3072-sha256 | sign/verify | |
| | rsa-sign-pss-4096-sha256 | sign/verify | |
| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | |
| | ecdsa-sha2-384-nistp384 | sign/verify | |
| | ecdsa-sha2-512-nistp521 | sign/verify | |
| EdDSA | ed25519 | sign/verify | |
| | ed25519-ph | sign/verify | Recommended only for `hashedrekord`. |
| LMS | lms-sha256 | sign/verify | Stateful; signer selects the `H` parameter. Not recommended for keyless signing. |
| LM-OTS | lmots-sha256 | sign/verify | One-time use only; signer selects `n` and `w`. |
| Algorithm | Name | Usage | Purpose | Notes |
|-----------|----------------------------|-------------| ------- |--------------------------------------------------------------------------------- |
| RSA | rsa-sign-pkcs1-2048-sha256 | verify only | 🔑 🪵 | Not recommended; not used for CT log materials outside of staging. |
| | rsa-sign-pkcs1-3072-sha256 | sign/verify | 🔑 | |
| | rsa-sign-pkcs1-4096-sha256 | sign/verify | 🔑 | |
| | rsa-sign-pss-2048-sha256 | verify only | 🔑 | Not recommended. |
| | rsa-sign-pss-3072-sha256 | sign/verify | 🔑 | |
| | rsa-sign-pss-4096-sha256 | sign/verify | 🔑 | |
| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | 🔑 🔗 🪵 📝 | |
| | ecdsa-sha2-384-nistp384 | sign/verify | 🔑 🔏 ⏰ | |
| | ecdsa-sha2-256-nistp384 | verify only | 🔑 | Not recommended due to poor compatibility. |
| | ecdsa-sha2-512-nistp521 | sign/verify | 🔑 | |
| | ecdsa-sha2-256-nistp521 | verify only | 🔑 | Not recommended due to poor compatibility. |
| EdDSA | ed25519 | sign/verify | 🔑 📝 👀 | |
| | ed25519-ph | sign/verify | 🔑 | Recommended only for `hashedrekord`. |
| LMS | lms-sha256 | sign/verify | 🔑 | Stateful; signer selects the `H` parameter. Not recommended for keyless signing. |
| LM-OTS | lmots-sha256 | sign/verify | 🔑 | One-time use only; signer selects `n` and `w`. |

### Parameter configuration for LMS and LM-OTS

Expand Down
44 changes: 44 additions & 0 deletions sigstore-public-deployment-spec.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,3 +191,47 @@ The Sigstore project provides the resources necessary to deploy private Sigstore
* [sigstore/scaffolding](https://github.com/sigstore/scaffolding)
* [sigstore/sigstore-probers](https://github.com/sigstore/sigstore-probers)
* [sigstore/policy-controller](https://github.com/sigstore/policy-controller)

### 5.2 Supported Algorithms

The Sigstore public good instance supports a subset of the algorithms defined
in the [Algorithm Registry](./algorithm-registry.md). Clients that interoperate
with the public good instance **MUST** support
these algorithms in their respective contexts.

#### 5.2.1 TUF

The public good instance uses `ecdsa-sha2-256-nistp256` for all TUF signing keys.

#### 5.2.2 Fulcio

The public good instance uses `ecdsa-sha2-384-nistp384` for Fulcio's
certificate chain and `ecdsa-sha2-256-nistp256` for Fulcio's certificate
transparency log.

Clients may submit Certificate Signing Requests (CSRs) with the following
algorithms:

| Algorithm | Required? | Recommended? |
|------------------------------|-----------|---------------|
| `ecdsa-sha2-256-nistp256` | Yes | Yes |
| `ecdsa-sha2-384-nistp384` | No | Yes |
| `ecdsa-sha2-512-nistp521` | No | Yes |
| `rsa-sign-pkcs1-2048-sha256` | No | No |
| `rsa-sign-pkcs1-3072-sha256` | No | No |
| `rsa-sign-pkcs1-4096-sha256` | No | No |
| `ed25519` | No | Yes |

#### 5.2.3 Rekor

The public good instance may use any of the following for Rekor's
public key and signatures:

* `ecdsa-sha2-256-nistp256` (Rekor v1)
* `ecdsa-sha2-384-nistp384` (Rekor v1)
* `ed25519` (beginning with Rekor v2)

#### 5.2.4 Timestamp Authority

The public good instance uses `ecdsa-sha2-384-nistp384` for the
Timestamp Authority's certificate chain.