Currently, only SHA-256 is allowed
|
if (!subjectDigest.match(/^sha256:[A-Za-z0-9]{64}$/)) { |
However, the in-toto specification defines a broader set of supported algorithms: https://github.com/in-toto/attestation/blob/v1.1.2/spec/v1/digest_set.md#supported-algorithms. It would be beneficial to at least support the full SHA-2 family. For example, this would allow reusing the NPM integrity, which uses SHA-512 1, as the subject digest.
Currently, only SHA-256 is allowed
attest/src/subject.ts
Line 132 in 88adb86
However, the in-toto specification defines a broader set of supported algorithms: https://github.com/in-toto/attestation/blob/v1.1.2/spec/v1/digest_set.md#supported-algorithms. It would be beneficial to at least support the full SHA-2 family. For example, this would allow reusing the NPM
integrity, which uses SHA-512 1, as the subject digest.Footnotes
https://github.com/npm/cli/blob/52714855e62a196fb853872f5106803605ab0ec4/lib/utils/tar.js#L99 ↩