New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider OpenSSL for signature generation and verification. #14

Open

priteshbandi opened this issue Oct 1, 2021 · 1 comment

Milestone

Contributor

priteshbandi commented Oct 1, 2021

We are using homegrown/custom implementation of pkcs7 for timestamp signature, should we consider using openssl?
OpenSSl is FIPS compliant so we can offload crypto operations to openssl

Contributor

shizhMSFT commented Oct 14, 2021

If we use openssl, then the notation-go-lib will not be a pure Go library and will be platform specific.

dtzar added this to the future milestone

dtzar mentioned this issue

support "attach"ing signatures generated by a separate crypto mechanism notaryproject/notation#151

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment