garantir-km
garantir-km
What is the benefit from switching from PKCS11, a very standard cryptographic interface, to RPC? If someone wants to integrate their RPC-enabled cryptograhic token, they can just provide a PKCS11...
Supporting PKCS11 is all that is really needed here. For HSMs (or other cryptographic tokens/services) that provide a PKCS11 library, users will be good to go out-of-the-box without the need...
Can we bump this up in priority? We have lots of big companies that want to use cosign but the lack of ability to integrate with their existing signing infrastructure...
I think I can give it a shot (or assign it to one of our engineers) at the beginning of October, once this quarter is over.
First off, my apologies to @dbilling - I realize my post came across somewhat arrogant and that wasn't my intention. Also, for what it is worth, my company wants to...
I would like to get started on this next week but obviously want to make sure that the work will get merged. I believe option 2 satisfies everyone's needs. If...
It has been brought to my attention by one of our engineers that there is already the [CertSignVerifier interface](https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/sign/sign.go#L406) which implement's sigstore's [SignerVerifier interface](https://github.com/sigstore/sigstore/blob/v1.0.0/pkg/signature/signerverifier.go#L30), and it is [used by cosign](https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/sign/sign.go#L137)....
> I think we're missing an "out of tree" extensibility model today. This interface would still require getting things upstreamed here into cosign. I'd like to be flexible in cosign...
Free time is getting harder to come by so we are going to go ahead and get started on this with a PKCS#11 integration before things get too busy. This...
Hello, just checking back on this. Any update on when this feature will be implemented, or whether it has already been?