Support self-managed keys when signing with sigstore-go

[haydentherapper]

This creates a wrapper around the Keypair interface when a SignerVerifier is provided for signing with KMS or any other provided keys. This also retains support for --issue-certificate to request a certificate for a managed key.

Fixes #4327

Summary

Release Note

Documentation

[codecov]

Codecov Report

❌ Patch coverage is 22.56637% with 175 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.32%. Comparing base (2ef6022) to head (6d27d43).
⚠️ Report is 491 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/cosign/cli/attest/attest_blob.go	2.22%	43 Missing and 1 partial ⚠️
cmd/cosign/cli/sign/sign_blob.go	2.22%	43 Missing and 1 partial ⚠️
cmd/cosign/cli/attest_blob.go	0.00%	29 Missing ⚠️
cmd/cosign/cli/attest.go	0.00%	22 Missing ⚠️
internal/key/svkeypair.go	81.03%	8 Missing and 3 partials ⚠️
cmd/cosign/cli/sign/sign.go	20.00%	8 Missing ⚠️
cmd/cosign/cli/attest/attest.go	0.00%	6 Missing ⚠️
cmd/cosign/cli/signblob.go	0.00%	5 Missing ⚠️
cmd/cosign/cli/options/attest.go	0.00%	3 Missing ⚠️
cmd/cosign/cli/options/attest_blob.go	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4368      +/-   ##
==========================================
- Coverage   40.10%   34.32%   -5.79%     
==========================================
  Files         155      217      +62     
  Lines       10044    15148    +5104     
==========================================
+ Hits         4028     5199    +1171     
- Misses       5530     9280    +3750     
- Partials      486      669     +183     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[haydentherapper]

Verified this works with Rekor v2:

curl -LO https://raw.githubusercontent.com/sigstore/root-signing-staging/refs/heads/main/metadata/root_history/1.root.json
cosign initialize --root 1.root.json --mirror="https://tuf-repo-cdn.sigstage.dev" 

cosign generate-key-pair

cosign sign-blob --new-bundle-format --bundle artifact.sigstore.json --yes --use-signing-config --key cosign.key README.md
cosign verify-blob --new-bundle-format --bundle artifact.sigstore.json --key cosign.pub README.md

cosign sign-blob --new-bundle-format --bundle artifact.sigstore.json --yes --use-signing-config --key cosign.key --issue-certificate README.md
cosign verify-blob --new-bundle-format --bundle artifact.sigstore.json --certificate-identity $email --certificate-oidc-issuer https://accounts.google.com --use-signed-timestamps README.md

cosign attest-blob --use-signing-config --statement intoto.txt --bundle sigstore.att.json --key cosign.key
cosign verify-blob-attestation --new-bundle-format --bundle sigstore.att.json --digestAlg sha256 --digest="b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9" --key cosign.pub

cosign attest-blob --use-signing-config --statement intoto.txt --bundle sigstore.att.json --key cosign.key --issue-certificate
cosign verify-blob-attestation --new-bundle-format --bundle sigstore.att.json --digestAlg sha256 --digest="b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9" --certificate-identity $email --certificate-oidc-issuer https://accounts.google.com --use-signed-timestamps

[steiza]

Generally LGTM - I don't understand the IssueCertificateForExistingKey part though.

[steiza]

I don't understand this code block. What flag to I pass to cosign attest-blob to specify this behavior? Where does this get used by sigstore-go?

[haydentherapper]

Because we have too much duplication everywhere, I had missed adding --issue-certificate to attest-blob and attest - I just added this.

For context, --issue-certificate was added as part of https://blog.sigstore.dev/adopting-sigstore-incrementally-1b56a69b8c15/, to request a Fulcio certificate even if a key is provided.

This flag isn't used by sigstore-go, it's used by SignerFromKeyOpts, which does a few things - it load a key from KMS/PIV/disk, it generates a key, and if IssueCertificateForExistingKey is set or an ephemeral key was generated, it requests a certificate from Fulcio. This is the root cause of the issue, the method does too much.

sigstore-go will be handling certificate requests, so I need to set IssueCertificateForExistingKey to false to prevent SignerFromKeyOpts from trying to generate a cert.

[steiza]

Ahhhh, okay, now I see. Still, mutating the configuration like this makes me a bit nervous (I've been bitten before in the cosign code base doing similar things!)

The "problem" is that SignerFromKeyOpts does two things:

• Constructs the SignerVerifier
• Calls keylessSigner in some cases

There aren't that many places we call SignerFromKeyOpts. Instead of mutating the config like this, would it make sense to have keylessSigner become a public method and call it when needed from the cmd/cosign/cli files? I'm not 100% sure if that's better or not, but I think it would allow us to avoid mutating the configuration like this.

[haydentherapper]

Yea, I'm happy to try this out.
FYI @ret2libc, this would also solve the e2e test failure you were running into.

[haydentherapper]

I refactored this and then searched for method usage across GitHub and found it's being used in some libraries. So one of two options:

• Call this out in the CHANGELOG - we provide no guarantees for API breakages, and because the method signature has changed, it'll force clients to make an update
• Check if SigningConfig is set in SignerFromKeyOpts - This is kinda gross

[steiza]

Yeah, I think a CHANGELOG entry is just fine.

[ret2libc]

we should use defaultLoadOptions = cosign.GetDefaultLoadOptions() and pass defaultLoadOptions to this method, to ensure that ed25519ph is used instead of ed25519.

[steiza]

This looks good to me!