Ability to disable non default signature algorithm(s)#5
Conversation
Ability to disable non default signature algorithm
| # are disabled. This is useful if you only want to support one algorithm. | ||
| # NOTE: if true, you can still verify validity of timestamps generated with | ||
| # any other supported algorithm for the keys listed in otherTrustedPublicKeys | ||
| disableOtherSigAlg: false |
There was a problem hiding this comment.
This presumes that either there only will be two signature algorithms supported or that you'd only want to enable one of them. It seems more logical to me to have an option enabledSigAlgs, and then perhaps interpret the first as the default.
Why do you want to disable one of them btw?
There was a problem hiding this comment.
Currently Yivi is creating a PoC moving the infrastructure into a cloud agnostic environment. Since we are only using ed25519 and we need atumd to be stateless, this small change is (for us) the least intrusive way to make that happen. No change in config needed to keep the current situation running while it is possible to disable all other algorithms (for now only XMSS[MT]) except the default one in our cloud setup.
Thought this could be a nice addition in functionality, hence the pr. On the other hand I also agree with you that the other way around with an option like enabledSigAlgs would be a nice approach.
…k-on-Ed25519KeyPath relax file permission check on Ed25519KeyPath
…k-on-Ed25519KeyPath fileInfo declared and not used
Liveness check added
This reverts commit d927edb.
chore: Update dependencies
fix: Scan image and unify image tagging
- Bump Go directive to 1.25.0 and toolchain to go1.25.10 (clears 19 stdlib advisories reported by govulncheck against the prior go1.24.0 toolchain). - Refresh direct deps: go-chi/cors 1.2.2, prometheus/client_golang 1.23.2, golang.org/x/crypto 0.51.0. - Refresh indirect deps via go mod tidy. Verified with govulncheck ./... (no vulnerabilities found) and go build ./....
Add a smoke test for the timestamping endpoint (POST /) that wires up minimal globals with Ed25519 only, exercises rootHandler via httptest, and verifies the returned signature. Add a `test` job to the delivery workflow running `go test ./...` and make `publish-docker-image` depend on it via `needs: test`.
actions/checkout@v4 and actions/setup-go@v5 still run on Node.js 20, which GitHub switches to Node.js 24 by default on 2026-06-02 and removes from runners on 2026-09-16. v6 of both actions ships on Node 24.
- docker/metadata-action v5 -> v6
- docker/setup-buildx-action v3 -> v4
- docker/login-action v3 -> v4
- docker/build-push-action v5 -> v7 (build + push steps)
- anchore/scan-action v3 -> v7 (fixes stale grype + v5 vuln DB
retirement causing "db built 10
weeks ago" scan failures)
- github/codeql-action/upload-sarif v3 -> v4
actions/checkout and actions/setup-go were already bumped to v6 in the
previous commit. All actions now run on Node.js 24.
chore: update dependencies
7 participants
This modification adds an extra boolean configuration variable
disableOtherSigAlgthat allows you to disable all signature algorithms other than the specifieddefaultSigAlg.If for example
defaultSigAlgis set toed25519anddisableOtherSigAlg=trueit will not be possible to generate a timestamp based on XMSS[MT]. Also (automatic) XMSS[MT] key generation at startup will not happen in this case, essentially disabling all XMSS[MT] based functionality.There is one exception: it will always be possible to verify timestamps for all supported algorithms. So in a scenario where XMSS[MT] is used as algorithm and server config is changed to only accept Ed25519 from now on, it is still possible to validate XMSS[MT] timestamps as long as the public key is listed in
otherTrustedPublicKeys.