Description
At Trail of Bits, we're looking at implementing part of the Configurable Crypto Algorithms proposal (specifically Phase 1). See sigstore/cosign#3271, sigstore/rekor#1724, sigstore/fulcio#1388 for related issues in the other repos.
We started doing some work with sigstore/fulcio#1517, which tries to support only client keys of type ecdsa+sha256 and ed25519. Fulcio does not really care about the user keys; however, Rekor does, and right now it does not support ed25519 (see sigstore/rekor#1724 for details).
As suggested there and in other rekor issues, the idea is to add support for ed25519ph which is a pre-hashed version of ed25519. Having this support in sigstore/sigstore would allow sigstore-go, rekor, and cosign to use ed25519 keys as an alternative to the default ecdsa + sha256.
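
The difference between pure ed25519 and the pre-hashed ed25519ph variant discussed in this issue, as an added example that is not part of the original issue or of sigstore/sigstore's code. It uses only Go's standard `crypto/ed25519` (Go 1.20 or later); the function names and the sample artifact are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Ed25519ph (RFC 8032) is selected by asking for a SHA-512 pre-hash.
var phOpts = &ed25519.Options{Hash: crypto.SHA512}

// signPrehashed signs a 64-byte SHA-512 digest instead of the full message.
func signPrehashed(priv ed25519.PrivateKey, digest []byte) ([]byte, error) {
	return priv.Sign(rand.Reader, digest, phOpts)
}

// verifyPrehashed verifies an Ed25519ph signature given only the digest.
func verifyPrehashed(pub ed25519.PublicKey, digest, sig []byte) bool {
	return ed25519.VerifyWithOptions(pub, digest, sig, phOpts) == nil
}

// demo signs one constructed artifact both ways and cross-checks the results.
func demo() (phOK, phAsPure, pureAsPh, shortRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	artifact := []byte("constructed sample artifact") // hypothetical input
	digest := sha512.Sum512(artifact)
	phSig, err := signPrehashed(priv, digest[:])
	if err != nil {
		return
	}
	pureSig := ed25519.Sign(priv, artifact)             // pure ed25519 needs the whole message
	phOK = verifyPrehashed(pub, digest[:], phSig)       // digest alone is enough
	phAsPure = ed25519.Verify(pub, artifact, phSig)     // domain separation: must fail
	pureAsPh = verifyPrehashed(pub, digest[:], pureSig) // and the reverse must fail too
	short := sha256.Sum256(artifact)                    // wrong digest size for ed25519ph
	_, shortErr := signPrehashed(priv, short[:])
	shortRejected = shortErr != nil
	return
}

func main() {
	fmt.Println(demo())
}
```

The same key pair serves both modes, but the signatures are not interchangeable, so a verifier has to know which variant was used.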