Publish cert to Rekor instead of pubkey (#66)

* Publish cert to Rekor instead of pubkey * Remove unused variable
sigstore · May 2, 2022 · 3dfc786 · 3dfc786
1 parent a18e1b8
commit 3dfc786
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 9 deletions.
diff --git a/sigstore/_internal/rekor/_client.py b/sigstore/_internal/rekor/_client.py
@@ -146,15 +146,15 @@ def post(
         self,
         b64_artifact_signature: str,
         sha256_artifact_hash: str,
-        encoded_public_key: str,
+        b64_cert: str,
     ) -> RekorEntry:
         data = {
             "kind": "hashedrekord",
             "apiVersion": "0.0.1",
             "spec": {
                 "signature": {
                     "content": b64_artifact_signature,
-                    "publicKey": {"content": encoded_public_key},
+                    "publicKey": {"content": b64_cert},
                 },
                 "data": {
                     "hash": {"algorithm": "sha256", "value": sha256_artifact_hash}

diff --git a/sigstore/_sign.py b/sigstore/_sign.py
@@ -110,19 +110,14 @@ def sign(file: BinaryIO, identity_token: str, ctfe_pem: bytes) -> SigningResult:
     b64_artifact_signature = base64.b64encode(artifact_signature).decode()
 
     # Prepare inputs
-    pub_b64 = base64.b64encode(
-        public_key.public_bytes(
-            encoding=serialization.Encoding.PEM,
-            format=serialization.PublicFormat.SubjectPublicKeyInfo,
-        )
-    )
+    b64_cert = base64.b64encode(cert.public_bytes(encoding=serialization.Encoding.PEM))
 
     # Create the transparency log entry
     rekor = RekorClient()
     entry = rekor.log.entries.post(
         b64_artifact_signature=b64_artifact_signature,
         sha256_artifact_hash=sha256_artifact_hash,
-        encoded_public_key=pub_b64.decode(),
+        b64_cert=b64_cert.decode(),
     )
 
     logger.debug(f"Transparency log entry created with index: {entry.log_index}")