Add first draft of the sigsum end-user tool

We need a tool that plays nicely with ssh-keygen -Y sign.

Requirements:

  • Submits signed checksums that were produced with SSH tooling to the log, and outputs everything that the submitter will want to distribute to end users (cosigned tree head, inclusion proof, etc., in some format)
  • Verification of the above output
  • Some way to manage log/witness policy to be used

Note: this tool is meant to "just work", i.e., detailed understanding of the Sigsum design should not be needed.

The largest uncertainty here is how to plug a policy into the tool, to be discussed more.

(In the future we may want to support signify and/or minisign signatures as well, but let's defer that.)