Skip to content

Reorganize, clarify, and update docs on signing and certs#207

Merged
crandmck merged 10 commits into
mainfrom
general-reorg
Apr 18, 2025
Merged

Reorganize, clarify, and update docs on signing and certs#207
crandmck merged 10 commits into
mainfrom
general-reorg

Conversation

@crandmck
Copy link
Copy Markdown
Collaborator

@crandmck crandmck commented Apr 1, 2025
edited
Loading

There was info on signing and certs in several different places. This PR consolidates and reorganizes it with some edits and clarifications:

New/reorganized pages:

@crandmck crandmck marked this pull request as draft April 1, 2025 23:13
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 1, 2025
edited
Loading

🚀 Deployed on https://deploy-preview-207--cai-open-source.netlify.app

@github-actions github-actions Bot temporarily deployed to pull request April 1, 2025 23:14 Inactive
@github-actions github-actions Bot temporarily deployed to pull request April 3, 2025 21:00 Inactive
@github-actions github-actions Bot temporarily deployed to pull request April 3, 2025 23:10 Inactive
@github-actions github-actions Bot temporarily deployed to pull request April 3, 2025 23:22 Inactive
@crandmck crandmck requested a review from mauricefisher64 April 4, 2025 17:21
@github-actions github-actions Bot temporarily deployed to pull request April 4, 2025 17:22 Inactive
@crandmck crandmck marked this pull request as ready for review April 4, 2025 20:47
mauricefisher64
mauricefisher64 reviewed Apr 8, 2025
View reviewed changes
Comment thread docs/getting-started.mdx Outdated
mauricefisher64
mauricefisher64 reviewed Apr 8, 2025
View reviewed changes
Comment thread docs/getting-started.mdx Outdated
mauricefisher64
mauricefisher64 reviewed Apr 8, 2025
View reviewed changes
Comment thread docs/signing/get-cert.md
mauricefisher64
mauricefisher64 reviewed Apr 8, 2025
View reviewed changes
Comment thread docs/signing/local-signing.md Outdated
@github-actions github-actions Bot temporarily deployed to pull request April 9, 2025 19:21 Inactive
@github-actions github-actions Bot temporarily deployed to pull request April 16, 2025 18:05 Inactive
@github-actions github-actions Bot temporarily deployed to pull request April 16, 2025 20:10 Inactive
mauricefisher64
mauricefisher64 reviewed Apr 17, 2025
View reviewed changes
Comment thread docs/signing/local-signing.md Outdated

Where `mycerts.pub` is the file containing the certificate chain from signing certificate to the last certificate before the root CA, concatenated.

This command produces a text summary of the certificate properties, as shown in the example below. Look for a line containing `Signature Algorithm`. The public key indicates the signature algorithm used. See the table in [Getting a certificate](get-cert.md#signature-types) to determine the corresponding signature type.
Copy link
Copy Markdown
Collaborator

@mauricefisher64 mauricefisher64 Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look for a line containing Signature Algorithm.

should be

Look for a line containing Public Key Algorithm

Copy link
Copy Markdown
Collaborator Author

@crandmck crandmck Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, sorry I just noticed this and fixed it.

@github-actions github-actions Bot temporarily deployed to pull request April 17, 2025 16:16 Inactive
mauricefisher64
mauricefisher64 reviewed Apr 17, 2025
View reviewed changes
Comment thread docs/signing/local-signing.md Outdated

This command produces a text summary of the certificate properties, as shown in the example below. Look for a line containing `Signature Algorithm`. The public key indicates the signature algorithm used. See the table in [Getting a certificate](get-cert.md#signature-types) to determine the corresponding signature type.

For this example with a certificate issued by GlobalSign, `Signature Algorithm: sha256WithRSAEncryption` corresponds to the PS256 signature type.
Copy link
Copy Markdown
Collaborator

@mauricefisher64 mauricefisher64 Apr 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Signature Algorithm: sha256WithRSAEncryption

should be
'Public Key Algorithm: rsassaPss' with PSS parameter 'Hash Algorithm: SHA2-256'

Copy link
Copy Markdown
Collaborator Author

@crandmck crandmck Apr 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fixed that already as well, basically right as you commented. Small difference: I used the literal text from the table in https://deploy-preview-207--cai-open-source.netlify.app/docs/signing/get-cert#signature-types, so:

RSASSA-PSS with SHA-256

Instead of

RSASSA-PSS with PSS parameter 'Hash Algorithm: SHA2-256

If you prefer, I can change both to be the latter.

crandmck
crandmck commented Apr 17, 2025
View reviewed changes
Comment thread docs/signing/local-signing.md
@crandmck crandmck merged commit f7d3c3a into main Apr 18, 2025
3 checks passed
@crandmck crandmck deleted the general-reorg branch April 18, 2025 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mauricefisher64 mauricefisher64 mauricefisher64 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crandmck @mauricefisher64