Simon Josefsson via Sigsum-general sigsum-general@lists.sigsum.org writes:
Maybe this is a non-issue. Can you show me how to search the Sigsum log for any signature made by this public-key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE
  $ cat >jas.key
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE
  ^D
  $ cat >glasklar.policy
  log 0ec7e16843119b120377a73913ac6acbc2d03d82432e2c36b841b09a95841f25 https://seasalp.glasklar.is
  log 154f49976b59ff09a123675f58cb3e346e0455753c3c3b15d465dcb4f6512b0b https://poc.sigsum.org/jellyfish
  quorum none
  ^D
  $ go run ./cmd/sigsum-monitor/ --interval 5s -p glasklar.policy jas.key
  New c9e525b98f412ede185ff2ac5abf70920a2e63a6ae31c88b1138b85de328706b tree, size 33168
  New 44ad38f8226ff9bd27629a41e55df727308d0a1cd8a2c31d3170048ac1dd22a1 tree, size 684
  New 44ad38f8226ff9bd27629a41e55df727308d0a1cd8a2c31d3170048ac1dd22a1 leaves, count 0, total processed 512
  New 44ad38f8226ff9bd27629a41e55df727308d0a1cd8a2c31d3170048ac1dd22a1 leaves, count 0, total processed 684
  [...]
  ^C
I get no leaves matching your key. As you see, the monitor tooling is a bit rough. One feature in particular, that Rasmus has asked for, is a mode that exits as soon as it has read to the end of all logs, rather than waiting for more data to appear.
Alternatively, you could use a script looping over the get-leaves endpoint to download all leaves, and then grep for the keyhash, which is
  $ go run ./cmd/sigsum-key/ to-hash -k jas.key
  7d57f39e21aafda397c1ec8d413694a7a77b3e86b7cefff4c7d9e87497b41499
The advantage of using the monitor is that it doesn't blindly trust the get-leaves responses: it also requests inclusion proofs and checks that the leaves are consistent with the log's signed tree head.
Regards,
/Niels
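
The get-leaves-and-grep alternative mentioned in the mail above, sketched in Go as an added example; it is not part of the original mail and not code from the Sigsum project. It assumes the key hash is SHA-256 of the raw 32-byte Ed25519 public key and that a get-leaves response carries one "leaf=<checksum> <signature> <key hash>" line per leaf; the function names keyHash and matchLeaves and the sample leaves are constructed for illustration.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// keyHash maps an OpenSSH "ssh-ed25519 <base64>" line to a hex key hash.
// Assumption: the key hash is SHA-256 of the raw 32-byte Ed25519 public key.
func keyHash(sshLine string) (string, error) {
	f := strings.Fields(sshLine)
	if len(f) < 2 || f[0] != "ssh-ed25519" {
		return "", fmt.Errorf("not an ssh-ed25519 public key line")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	// Blob layout: uint32 11, "ssh-ed25519", uint32 32, then the 32 key bytes.
	const prefix = "\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
	if err != nil || len(blob) != len(prefix)+32 || string(blob[:len(prefix)]) != prefix {
		return "", fmt.Errorf("malformed ssh-ed25519 key blob")
	}
	return fmt.Sprintf("%x", sha256.Sum256(blob[len(prefix):])), nil
}

// matchLeaves returns the positions, within one get-leaves response body, of
// leaves whose key hash equals want (assumed line format: see the lead-in).
func matchLeaves(body, want string) (hits []int, err error) {
	sc := bufio.NewScanner(strings.NewReader(body))
	for i := 0; sc.Scan(); i++ {
		f := strings.Fields(strings.TrimPrefix(sc.Text(), "leaf="))
		if !strings.HasPrefix(sc.Text(), "leaf=") || len(f) != 3 {
			return nil, fmt.Errorf("line %d: malformed leaf", i)
		}
		if f[2] == want {
			hits = append(hits, i)
		}
	}
	return hits, sc.Err()
}

func main() {
	kh, _ := keyHash("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE")
	// Constructed sample response (filler values); only the second leaf carries kh.
	pad := "leaf=" + strings.Repeat("0", 64) + " " + strings.Repeat("0", 128) + " "
	hits, err := matchLeaves(pad+strings.Repeat("f", 64)+"\n"+pad+kh+"\n", kh)
	fmt.Println(kh, hits, err)
}
```

Matching on downloaded leaves this way trusts the get-leaves responses as given; it does none of the inclusion-proof and signed-tree-head checking that the monitor performs.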