sigstore

package
v0.1.2

Warning: This package is not in the latest version of its module.
Published: Oct 7, 2024 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Overview

Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only

Package sigstore is used to verify Constellation components using sigstore, cosign and rekor.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsBase64

func IsBase64(signature []byte) error

IsBase64 checks if the given byte slice is base64 encoded.

func SignContent

func SignContent(password, encryptedPrivateKey, content []byte) ([]byte, error)

SignContent signs the content with the cosign encrypted private key and corresponding cosign password.

func VerifyWithRekor

func VerifyWithRekor(ctx context.Context, publicKey []byte, verifier rekorVerifier, hash string) error

VerifyWithRekor checks if the hash of a signature is present in Rekor.

Types

type CosignVerifier

type CosignVerifier struct {
	// contains filtered or unexported fields
}

CosignVerifier wraps a public key that can be used for verifying signatures.

func (CosignVerifier) VerifySignature

func (c CosignVerifier) VerifySignature(content, signature []byte) error

VerifySignature checks whether the signature of content can be verified using publicKey. signature is expected to be base64-encoded; publicKey is expected to be PEM-encoded.

type Rekor

type Rekor struct {
	// contains filtered or unexported fields
}

Rekor allows interacting with the transparency log at https://rekor.sigstore.dev. For more information, see Rekor's Swagger definition: https://www.sigstore.dev/swagger/#/

func NewRekor

func NewRekor() (*Rekor, error)

NewRekor creates a new instance of Rekor to interact with the transparency log at https://rekor.sigstore.dev.

func (*Rekor) SearchByHash

func (r *Rekor) SearchByHash(ctx context.Context, hash string) ([]string, error)

SearchByHash searches for the hash of an artifact in the Rekor transparency log. A list of UUIDs is returned, since multiple entries may be present for a single artifact in Rekor.

func (*Rekor) VerifyEntry

func (r *Rekor) VerifyEntry(ctx context.Context, uuid, publicKey string) error

VerifyEntry performs log entry verification (see verifyLogEntry) and verifies that the provided publicKey was used to sign the entry. An error is returned if any verification fails.

type Signer

type Signer interface {
	Sign(content []byte) (res []byte, err error)
}

Signer is used to sign the version file. Used for unit testing.

func NewSigner

func NewSigner(cosignPwd, privKey []byte) Signer

NewSigner returns a new Signer.

type Verifier

type Verifier interface {
	VerifySignature(content, signature []byte) error
}

Verifier checks if the signature of content can be verified.

func NewCosignVerifier

func NewCosignVerifier(pem []byte) (Verifier, error)

NewCosignVerifier unmarshals and validates the given PEM-encoded public key and returns a new CosignVerifier.
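As an added example (not the package's own code), the checks the doc comments above describe, done with the Go standard library: a PEM public key is parsed as NewCosignVerifier does, a base64 signature is decoded (the IsBase64 check) and verified over the content as CosignVerifier.VerifySignature does, and a Sign counterpart to Signer.Sign produces such signatures. It assumes cosign's default key type, ECDSA P-256 with ASN.1 DER signatures over SHA-256; the password-based decryption of the cosign private key that SignContent performs is omitted, and NewKey generates throwaway key material constructed for the demonstration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
)

// VerifySignature combines the page's NewCosignVerifier and VerifySignature (assumption: cosign's default ECDSA P-256 key, DER signature over SHA-256).
func VerifySignature(pemKey, content, signature []byte) error {
	block, _ := pem.Decode(pemKey)
	if block == nil || block.Type != "PUBLIC KEY" {
		return errors.New("no PEM PUBLIC KEY block found")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := key.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return errors.New("PEM block does not hold an ECDSA public key")
	}
	raw, err := base64.StdEncoding.DecodeString(string(signature)) // the IsBase64 check
	if err != nil {
		return errors.New("signature is not base64 encoded")
	}
	digest := sha256.Sum256(content)
	if !ecdsa.VerifyASN1(pub, digest[:], raw) {
		return errors.New("signature verification failed")
	}
	return nil
}

// Sign mirrors Signer.Sign; the page's SignContent first decrypts a password-protected cosign key (omitted here).
func Sign(priv *ecdsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return []byte(base64.StdEncoding.EncodeToString(sig)), err
}

// NewKey generates a throwaway P-256 key and its PEM-encoded public key (constructed for this example only).
func NewKey() (*ecdsa.PrivateKey, []byte) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // crypto/rand failing is not recoverable here
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}
```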

Directories

keyselect: Package keyselect is used to select the correct public key for signature verification.
