keys

package
v2.7.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 28, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

README

Download the GCB keys

This is a temporary solution. We should try to automate key verification on pre-submits. We should also pin the CA certificate when downloading the keys, maybe using curl and the googlecloudapi REST endpoint. See discussion in #181.

For now, you can verify the keys we downloaded by downloading them yourself.

cd verifiers/internal/gcb/keys
gcloud compute regions list | grep -v NAME | xargs -0 | cut -d ' ' -f1 | xargs -i gcloud kms keys versions get-public-key 1 --location {} --keyring attestor --key builtByGCB --project verified-builder --output-file {}.key

Documentation

Constants

const (
	// v1.0 global keys.
	// Run command `gcloud kms keys versions get-public-key 1 --keyring attestor --key google-hosted-worker --project verified-builder --location global`.
	V10GlobalPAEKeyID = "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/google-hosted-worker/cryptoKeyVersions/1"

	// v0.1 global keys.
	// Run command `gcloud kms keys versions get-public-key 1 --keyring attestor --key provenanceSigner --project verified-builder --location global`.
	V01GlobalPAEKeyID = "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/provenanceSigner/cryptoKeyVersions/1"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type GlobalPAEKey added in v2.1.0

type GlobalPAEKey struct {
	Verifier *dsselib.EnvelopeVerifier
	// contains filtered or unexported fields
}

func NewGlobalPAEKey added in v2.1.0

func NewGlobalPAEKey(id string) (*GlobalPAEKey, error)

func (*GlobalPAEKey) KeyID added in v2.1.0

func (v *GlobalPAEKey) KeyID() (string, error)

KeyID implements dsse.Verifier.KeyID.

func (*GlobalPAEKey) Name added in v2.4.0

func (v *GlobalPAEKey) Name() string

func (*GlobalPAEKey) Public added in v2.1.0

func (v *GlobalPAEKey) Public() crypto.PublicKey

Public implements dsse.Verifier.Public.

func (*GlobalPAEKey) Verify added in v2.1.0

func (v *GlobalPAEKey) Verify(_ context.Context, data, sig []byte) error

Verify implements dsse.Verifier.Verify. It verifies a signature formatted in DSSE-conformant PAE.

func (*GlobalPAEKey) VerifyPAESignature added in v2.1.0

func (v *GlobalPAEKey) VerifyPAESignature(envelope *dsselib.Envelope) error
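
The "DSSE-conformant PAE" that Verify and VerifyPAESignature check a signature against can be illustrated with the standard library alone. This is an added example, not this package's code: the helper names, the throwaway ECDSA P-256 key, the SHA-256 digest and the sample payload are all assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pae builds DSSE v1 PAE: "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body.
func pae(payloadType string, payload []byte) []byte {
	head := fmt.Sprintf("DSSEv1 %d %s %d ", len(payloadType), payloadType, len(payload))
	return append([]byte(head), payload...)
}

// verifyPAE checks an ASN.1 ECDSA signature over SHA-256(PAE(type, payload)).
func verifyPAE(pub *ecdsa.PublicKey, payloadType string, payload, sig []byte) error {
	digest := sha256.Sum256(pae(payloadType, payload))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("PAE signature verification failed")
	}
	return nil
}

// demo signs a constructed payload with a throwaway key, then verifies it as-is and with a swapped type.
func demo() (okErr, swappedErr error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err
	}
	payloadType := "application/vnd.in-toto+json" // constructed sample
	payload := []byte(`{"_type":"https://in-toto.io/Statement/v0.1"}`)
	digest := sha256.Sum256(pae(payloadType, payload))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return err, err
	}
	okErr = verifyPAE(&priv.PublicKey, payloadType, payload, sig)
	// The same bytes under a different declared type must not verify.
	swappedErr = verifyPAE(&priv.PublicKey, "text/plain", payload, sig)
	return okErr, swappedErr
}

func main() {
	ok, swapped := demo()
	fmt.Println("original:", ok, "| type swapped:", swapped)
}
```

Because the payload type and both lengths are part of the signed bytes, a verifier that signs or checks the raw payload instead of the PAE loses the binding between the payload and its declared type.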

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

func NewPublicKey added in v2.1.0

func NewPublicKey(region string) (*PublicKey, error)

func (*PublicKey) Name added in v2.4.0

func (p *PublicKey) Name() string

func (*PublicKey) VerifySignature

func (p *PublicKey) VerifySignature(digest [32]byte, sig []byte) error
