Open
Description
It seems when we look up correct keys in trust root, we should use `checkpoint_key_id` if it is available and `log_id` only as fallback.
Changes:
- the rekor keyring is currently essentially a `dict[keyid, PublicKey]`: we need to track checkpoint_key_id as well -- I'm guessing it makes sense to store the whole RekorLog in the container, not just PublicKey
- the checkpoint code currently calls RekorKeyring.verify() with a keyid argument: this needs to be redesigned a bit
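A sketch of the lookup this issue proposes, added here as an illustration and not taken from the project's code: the keyring keeps whole log entries and resolves a checkpoint signature's key hint by `checkpoint_key_id` first, using `log_id` only when that field is missing. `LogInstance`, `Keyring`, `find_for_checkpoint` and the 4-byte hint length are assumptions made for the example, and the sample logs are constructed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class LogInstance:
    """Hypothetical stand-in for a trust-root log entry (not the real RekorLog type)."""
    log_id: bytes
    public_key: bytes                          # opaque key material in this sketch
    checkpoint_key_id: Optional[bytes] = None  # missing or empty in older trust roots

    def checkpoint_hint(self) -> bytes:
        # Prefer checkpoint_key_id; fall back to log_id only when it is absent.
        # An empty value (an unset bytes field) is treated the same as None.
        # Assumption: a checkpoint signature carries a 4-byte key hint.
        return (self.checkpoint_key_id or self.log_id)[:4]


class Keyring:
    """Stores whole log entries, indexed by the hint a checkpoint signature carries."""

    def __init__(self, logs: Iterable[LogInstance]) -> None:
        self._by_hint: dict[bytes, LogInstance] = {}
        for log in logs:
            hint = log.checkpoint_hint()
            if hint in self._by_hint:
                # Two trusted logs sharing a hint would make key selection ambiguous.
                raise ValueError(f"duplicate checkpoint hint {hint.hex()}")
            self._by_hint[hint] = log

    def find_for_checkpoint(self, sig_hint: bytes) -> LogInstance:
        """Return the trusted log whose key should verify this checkpoint signature."""
        try:
            return self._by_hint[sig_hint]
        except KeyError:
            raise LookupError(f"no trusted log for hint {sig_hint.hex()}") from None


# Constructed sample trust root: one log without checkpoint_key_id, one with it.
OLD_LOG = LogInstance(log_id=bytes.fromhex("aa" * 32), public_key=b"old-key")
NEW_LOG = LogInstance(log_id=bytes.fromhex("bb" * 32), public_key=b"new-key",
                      checkpoint_key_id=bytes.fromhex("01020304"))
KEYRING = Keyring([OLD_LOG, NEW_LOG])
```

Because the caller gets the whole entry back, a verify step can use `public_key` and still report which log matched; a log that has a `checkpoint_key_id` is deliberately not reachable through its `log_id` prefix.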