-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPGSignature loads and dumps different dict key #418
Comments
Good find, @PradyumnaKrishna! Regardless of what the name is, Regarding what name it should be:
I think either way is fine but lean towards 1 for the time being because of backwards-compatibility and because it seems simpler (e.g. we don't have to translate cc @MVrachev |
👍 |
GPG signature requires `sig` on load but dumps `signature` key in a dict which should be the same key name secure-systems-lab#418. Some formatting fixes are made to the singer.py. Signed-off-by: Pradyumna Krishna <[email protected]>
Description of issue or feature request:
GPGSignature
'sto_dict
method returns asignature
key in dict but requires asig
key infrom_dict
method.Also,
GPGSignature
schema in formats has fieldsignature
instead ofsig
that is used by aSignature
. isn't DSSE signatures havesig
for signatures?Current behavior:
GPGSignature
from_dict
andto_dict
methods are not configured properly and will not load a dumped dict of a self.securesystemslib/securesystemslib/signer.py
Lines 129 to 133 in 873f276
securesystemslib/securesystemslib/signer.py
Lines 138 to 142 in 873f276
Expected behavior:
Either use
sig
orsignature
for both methods and representation of GPGSignature.Related to DSSE
My idea is to implement GPGKey similar to SSlibKey implementation as provided in #416 (comment) so that external representation won't affect the verification.
Regarding GPGSignature I think we should use
sig
and we can parse bothsig
andsignature
infrom_dict
method of GPGSignature.whats your opinion @lukpueh?
The text was updated successfully, but these errors were encountered: