[User Story] - notation generates key and corresponding certificate for testing

[yizha1]

Summary

As a tester, I want to generate key and corresponding certificate to test notation signing and verifying features

Intended Outcome

• An RSA key and corresponding self-signed certificate can be generated in an easy way.
• Testers can sign OCI artifacts using the key with notation sign command
• Testers can verify signed OCI artifacts against the self-signed certificate with notation verify command
• The RSA key and corresponding self-signed certificate are stored locally. The directory structure should follow section Signing key store of Spec : Notation directory structure #167
• multiple keys and certificates can be generated given different host names
• Tester can select which key and certificate pair to test notation signing and verifying.
• Tester can remove specific key and certificate pair when they are not used

Additional context
Tester could be developer or any person who is interested in notation project and want to try notation features.

Work items

• Update notation CLI spec for this user story
• Implementation of generating RSA keys and corresponding self-signed certificates
• Implementation of removing specific key and certificate
• Implementation of notation signing and verifying against testing keys and self-signed certificates
• Implementation of directory structure for Key and certificates according to Signing key store section of Spec : Notation directory structure #167

[SteveLasker]

Just a note this work user story is important for our getting started scenarios.
Adopters need a quick and easy means to get started, without any dependency on a cloud provider.

[JeyJeyGao]

I'm working on this work item. The generated keys & certs will be stored in {CONFIG}/notation/localkeys/.

Implementation of directory structure for Key and certificates according to Signing key store section of #167

But the {CONFIG}/notation/signingkeys.json doesn't exist now, signing key information is tracked in config.json, there will be a breaking change to split the config.json file. Is it another work item? Do we need to finish it in RC1, or just keep the current config.json structure? The config example is here. @SteveLasker @shizhMSFT

[shizhMSFT]

@JeyJeyGao Yes, the config.json should be split into config.json and signingkeys.json. It will be another work item and is in the scope of RC.1 or before.

[yizha1]

One bug found here #259, which broke this feature.

[iamsamirzon]

@yizha1 - Please consider the changes going in this fix to not break the "directory structure" based trust store and verification experience spec. Rakesh is working on notaryproject/notation-go#95