Switch to hashedrekord Rekor type

**Description**



Context: I was investigating unused types in https://github.com/sigstore/rekor/issues/2080, and helm had some usage but not a significant amount. One of the blockers to deprecating support would be to migrate over any Sigstore clients away from the deprecated kinds.

helm-sigstore uploads `helm` kinds [here](https://github.com/sigstore/helm-sigstore/blob/main/pkg/rekor/rekor.go#L84-L95). Instead, we can switch to uploading `hashedrekord` kinds. It would be straightforward to do - Instead of uploading the chart, you would upload a) a hash of the chart, b) the pgp signature, c) the pgp key. [Verification](https://github.com/sigstore/helm-sigstore/blob/main/pkg/verifier/verify.go#L41) would change from verifying the helm entry to verifying the hashedrekord entry.

There is a blocker on Rekor's side, as we only support public keys or certificates for hashedrekord records currently. It would be straightforward for us to add support, as we do in [rekord](https://github.com/sigstore/rekor/blob/56935899f60723d62fdf008ccd001d966ebf47d6/pkg/types/rekord/v0.0.1/entry.go#L372-L379) already.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Switch to hashedrekord Rekor type #248

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Switch to hashedrekord Rekor type #248

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions