Skip to content

Allow 16 character SubjectKeyIdentifier for x509 signed commits feature

What does this MR do and why?

This MR allows 16 character (hex) SubjectKeyIdentifier (SKI) for x509 signed commits to validate successfully. (In addition to the already allowed 40 character (hex) SKI)

RFC5280 describes two common methods for generating key identifiers:

  1. 160-bit SHA-1 hash of the value of the subjectPublicKey. --> This results in a 40 character (hex) key identifier
  2. Key identifier composed of four-bit type field with the value 0100 followed by the last significant 60 bits of the SHA-1 hash of the subjectPublicKey. --> This results in a 16 character (hex) key identifier.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #332503 (closed)

Merge request reports

Loading