Skip to content

Extend subject digest support to standard hash algorithms beyond SHA-256 #309

New issue
New issue
Open
Open
Extend subject digest support to standard hash algorithms beyond SHA-256#309
@633kh4ck

Description

@633kh4ck
633kh4ck
opened on Nov 26, 2025

Currently, only SHA-256 is allowed

attest/src/subject.ts

Line 132 in 88adb86

if (!subjectDigest.match(/^sha256:[A-Za-z0-9]{64}$/)) {

However, the in-toto specification defines a broader set of supported algorithms: https://github.com/in-toto/attestation/blob/v1.1.2/spec/v1/digest_set.md#supported-algorithms. It would be beneficial to at least support the full SHA-2 family. For example, this would allow reusing the NPM integrity, which uses SHA-512 1, as the subject digest.

Footnotes

  1. https://github.com/npm/cli/blob/52714855e62a196fb853872f5106803605ab0ec4/lib/utils/tar.js#L99

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions