diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go index d03879dd..37c003a8 100644 --- a/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/gen/pb-go/common/v1/sigstore_common.pb.go @@ -154,6 +154,14 @@ const ( // These keys and signatures may be used by private Sigstore // deployments, but are not currently supported by the public // good instance. + // + // USER WARNING: LMS and LM-OTS are both stateful signature schemes. + // Using them correctly requires discretion and careful consideration + // to ensure that individual secret keys are not used more than once. + // In addition, LM-OTS is a single-use scheme, meaning that it + // MUST NOT be used for more than one signature per LM-OTS key. + // If you cannot maintain these invariants, you MUST NOT use these + // schemes. PublicKeyDetails_LMS_SHA256 PublicKeyDetails = 14 PublicKeyDetails_LMOTS_SHA256 PublicKeyDetails = 15 ) diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py index 8d3c81c0..8caa8d69 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py @@ -76,6 +76,12 @@ class PublicKeyDetails(betterproto.Enum): """ LMS and LM-OTS These keys and signatures may be used by private Sigstore deployments, but are not currently supported by the public good instance. + USER WARNING: LMS and LM-OTS are both stateful signature schemes. Using + them correctly requires discretion and careful consideration to ensure that + individual secret keys are not used more than once. In addition, LM-OTS is + a single-use scheme, meaning that it MUST NOT be used for more than one + signature per LM-OTS key. If you cannot maintain these invariants, you MUST + NOT use these schemes. """ LMOTS_SHA256 = 15 
diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 4049476b..9f0601b0 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -126,6 +126,14 @@ export enum PublicKeyDetails { * These keys and signatures may be used by private Sigstore * deployments, but are not currently supported by the public * good instance. + * + * USER WARNING: LMS and LM-OTS are both stateful signature schemes. + * Using them correctly requires discretion and careful consideration + * to ensure that individual secret keys are not used more than once. + * In addition, LM-OTS is a single-use scheme, meaning that it + * MUST NOT be used for more than one signature per LM-OTS key. + * If you cannot maintain these invariants, you MUST NOT use these + * schemes. */ LMS_SHA256 = 14, LMOTS_SHA256 = 15,
diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto
index 3d5f58ec..d3d538a6 100644
--- a/protos/sigstore_common.proto
+++ b/protos/sigstore_common.proto
@@ -90,6 +90,14 @@ enum PublicKeyDetails {
 // These keys and signatures may be used by private Sigstore
 // deployments, but are not currently supported by the public
 // good instance.
+ //
+ // USER WARNING: LMS and LM-OTS are both stateful signature schemes.
+ // Using them correctly requires discretion and careful consideration
+ // to ensure that individual secret keys are not used more than once.
+ // In addition, LM-OTS is a single-use scheme, meaning that it
+ // MUST NOT be used for more than one signature per LM-OTS key.
+ // If you cannot maintain these invariants, you MUST NOT use these
+ // schemes.
 LMS_SHA256 = 14;
 LMOTS_SHA256 = 15;
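Review bot: The added warning in `protos/sigstore_common.proto` says "individual secret keys are not used more than once", which is accurate for LM-OTS but easy to misread for LMS, where the LMS key pair is expected to sign many messages and the invariant is that no one-time leaf key (the signer's state index) is ever consumed twice. I would reword that sentence to something like `// to ensure that no one-time key (LMS leaf index) is ever used for more than one signature.` so the two schemes are not conflated. It would also help operators to add one line naming the usual ways state gets repeated, e.g. `// State can be silently rolled back by key backup/restore, VM snapshots or replicated signers.`, and a pointer to RFC 8554 and NIST SP 800-208 for the handling requirements. The same text is copied into the three generated files under `gen/`, so any rewording belongs in this proto comment followed by a regenerate rather than in those hunks. The enum body continues outside the hunk.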