Skip to content

Add support for using mackms keys with no tags#600

Merged
maraino merged 2 commits intomasterfrom
mariano/nulltags
Sep 26, 2024
Merged

Add support for using mackms keys with no tags#600
maraino merged 2 commits intomasterfrom
mariano/nulltags

Conversation

@maraino
Copy link
Copy Markdown
Contributor

@maraino maraino commented Sep 26, 2024

Description

This commit allows to create, get, sign, and other operations using keys without a tag.

By default, the default tag used by the mackms package is com.smallstep.crypto. If we want to create or get a key using the URI mackms:label=test, the mackms package will assume that the default tag is being used.

The default tag can be changed using the tag parameter in the URI, e.g., mackms:label=test;tag=my-tag. But if we want not to use a tag, we need to provide the tag parameter empty, e,g., mackms:label=test;tag=.

Programs using the mackms package can also set the mackms.DefaultTag to any other value, if it is set to empty, the created keys will not have a tag.

Fixes #595

@maraino
Add support for using mackms keys with no tags
1e71f99 
This commit allows to create, get, sign, and other operations using keys
without a tag. By default, the default tag used by the mackms package is
com.smallstep.crypto, this tag can be changed using the tag parameter in
the uri, e.g., mackms:label=test;tag=my-tag. But if we want to not use
a tag we need to provide the tag parameter empty, e,g.,
mackms:label=test;tag=

Fixes #595
@maraino maraino requested a review from hslatman September 26, 2024 00:08
@maraino maraino mentioned this pull request Sep 26, 2024
Closed
dopey
dopey previously approved these changes Sep 26, 2024
View reviewed changes
@maraino
Copy link
Copy Markdown
Contributor Author

maraino commented Sep 26, 2024

@hslatman, Can you look at it too?

hslatman
hslatman reviewed Sep 26, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@hslatman hslatman left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@maraino logic looks OK.

It would be nice to update (some of) the doc blocks describing the empty tag usage. Maybe not a full example URI, but at least a short blurb saying an empty tag is allowed, and results in creating / searching / deleting keys without a tag being set.

I think it's a small enough of a use case that just the empty tag is OK, but we could opt to (also) support a specific sentinel value for the new behavior, i.e. tag=<null>. Don't have a strong preference, though.

@maraino
Copy link
Copy Markdown
Contributor Author

maraino commented Sep 26, 2024

@hslatman I've added an example in the docs (6844893)

Yesterday, I tested setting an empty string tag, but macOS treats it like not setting any. In any case, I decided to add the if conditions to make it more clear.

@maraino maraino requested review from dopey and hslatman September 26, 2024 18:07
@maraino maraino merged commit cb53a6a into master Sep 26, 2024
@maraino maraino deleted the mariano/nulltags branch September 26, 2024 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hslatman hslatman hslatman approved these changes

@dopey dopey Awaiting requested review from dopey

Assignees

No one assigned

Labels

needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using the mackms package to load keys that do not have a tag attribute set

3 participants

@maraino @hslatman @dopey