Documentation
¶
Overview ¶
Package signature contains types and utilities related to Sigstore signatures.
Index ¶
- func ComputeDigestForSigning(rawMessage io.Reader, defaultHashFunc crypto.Hash, ...) (digest []byte, hashedWith crypto.Hash, err error)
- func ComputeDigestForVerifying(rawMessage io.Reader, defaultHashFunc crypto.Hash, ...) (digest []byte, hashedWith crypto.Hash, err error)
- func FormatSignatureAlgorithmFlag(algorithm v1.PublicKeyDetails) (string, error)
- func GetDefaultPublicKeyDetails(publicKey crypto.PublicKey, opts ...LoadOption) (v1.PublicKeyDetails, error)
- func ParseSignatureAlgorithmFlag(flag string) (v1.PublicKeyDetails, error)
- func SignImage(signer SignerVerifier, image name.Digest, ...) (payload, signature []byte, err error)
- func VerifyImageSignature(signer SignerVerifier, payload, signature []byte) (image name.Digest, annotations map[string]interface{}, err error)
- type AlgorithmDetails
- func (a AlgorithmDetails) GetECDSACurve() (*elliptic.Curve, error)
- func (a AlgorithmDetails) GetHashType() crypto.Hash
- func (a AlgorithmDetails) GetKeyType() PublicKeyType
- func (a AlgorithmDetails) GetProtoHashType() v1.HashAlgorithm
- func (a AlgorithmDetails) GetRSAKeySize() (RSAKeySize, error)
- func (a AlgorithmDetails) GetSignatureAlgorithm() v1.PublicKeyDetails
- type AlgorithmRegistryConfig
- type ECDSASigner
- func (e ECDSASigner) Public() crypto.PublicKey
- func (e ECDSASigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
- func (e ECDSASigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
- func (e ECDSASigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
- type ECDSASignerVerifier
- func LoadECDSASignerVerifier(priv *ecdsa.PrivateKey, hf crypto.Hash) (*ECDSASignerVerifier, error)
- func NewDefaultECDSASignerVerifier() (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)
- func NewECDSASignerVerifier(curve elliptic.Curve, rand io.Reader, hashFunc crypto.Hash) (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)
- type ECDSAVerifier
- type ED25519Signer
- func (e ED25519Signer) Public() crypto.PublicKey
- func (e ED25519Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
- func (e ED25519Signer) Sign(_ io.Reader, message []byte, _ crypto.SignerOpts) ([]byte, error)
- func (e ED25519Signer) SignMessage(message io.Reader, _ ...SignOption) ([]byte, error)
- type ED25519SignerVerifier
- type ED25519Verifier
- type ED25519phSigner
- func (e ED25519phSigner) Public() crypto.PublicKey
- func (e ED25519phSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
- func (e ED25519phSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)
- func (e ED25519phSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
- type ED25519phSignerVerifier
- type ED25519phVerifier
- type LoadOption
- type MessageOption
- type PublicKeyOption
- type PublicKeyProvider
- type PublicKeyType
- type RPCOption
- type RSAKeySize
- type RSAPKCS1v15Signer
- func (r RSAPKCS1v15Signer) Public() crypto.PublicKey
- func (r RSAPKCS1v15Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
- func (r RSAPKCS1v15Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
- func (r RSAPKCS1v15Signer) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
- type RSAPKCS1v15SignerVerifier
- func LoadRSAPKCS1v15SignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash) (*RSAPKCS1v15SignerVerifier, error)
- func NewDefaultRSAPKCS1v15SignerVerifier() (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)
- func NewRSAPKCS1v15SignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)
- type RSAPKCS1v15Verifier
- type RSAPSSSigner
- func (r RSAPSSSigner) Public() crypto.PublicKey
- func (r RSAPSSSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
- func (r RSAPSSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
- func (r RSAPSSSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
- type RSAPSSSignerVerifier
- func LoadRSAPSSSignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSSignerVerifier, error)
- func NewDefaultRSAPSSSignerVerifier() (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)
- func NewRSAPSSSignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)
- type RSAPSSVerifier
- type SignOption
- type Signer
- func LoadDefaultSigner(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error)
- func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Signer, error)
- func LoadSignerFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, ...) (Signer, error)
- func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (Signer, error)
- func LoadSignerFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (Signer, error)
- func LoadSignerWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error)
- type SignerOpts
- type SignerVerifier
- func LoadDefaultSignerVerifier(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error)
- func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (SignerVerifier, error)
- func LoadSignerVerifierFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, ...) (SignerVerifier, error)
- func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (SignerVerifier, error)
- func LoadSignerVerifierFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (SignerVerifier, error)
- func LoadSignerVerifierWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error)
- type Verifier
- func LoadDefaultVerifier(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error)
- func LoadUnsafeVerifier(publicKey crypto.PublicKey) (Verifier, error)
- func LoadVerifier(publicKey crypto.PublicKey, hashFunc crypto.Hash) (Verifier, error)
- func LoadVerifierFromAlgorithmDetails(publicKey crypto.PublicKey, algorithmDetails AlgorithmDetails, ...) (Verifier, error)
- func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash) (Verifier, error)
- func LoadVerifierFromPEMFileWithOpts(path string, opts ...LoadOption) (Verifier, error)
- func LoadVerifierWithOpts(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error)
- type VerifyOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ComputeDigestForSigning ¶
func ComputeDigestForSigning(rawMessage io.Reader, defaultHashFunc crypto.Hash, supportedHashFuncs []crypto.Hash, opts ...SignOption) (digest []byte, hashedWith crypto.Hash, err error)
ComputeDigestForSigning calculates the digest value for the specified message using a hash function selected by the following process:
- if a digest value is already specified in a SignOption and the length of the digest matches that of the selected hash function, the digest value will be returned without any further computation (rawMessage is not hashed in this case, so the caller is responsible for the digest corresponding to the message)
- if a hash function is given using WithCryptoSignerOpts(opts) as a SignOption, it will be used (if it is in the supported list)
- otherwise defaultHashFunc will be used (if it is in the supported list)
func ComputeDigestForVerifying ¶
func ComputeDigestForVerifying(rawMessage io.Reader, defaultHashFunc crypto.Hash, supportedHashFuncs []crypto.Hash, opts ...VerifyOption) (digest []byte, hashedWith crypto.Hash, err error)
ComputeDigestForVerifying calculates the digest value for the specified message using a hash function selected by the following process:
- if a digest value is already specified in a VerifyOption and the length of the digest matches that of the selected hash function, the digest value will be returned without any further computation (rawMessage is not hashed in this case, so verification covers the supplied digest rather than the message, and the caller is responsible for the digest corresponding to the message)
- if a hash function is given using WithCryptoSignerOpts(opts) as a VerifyOption, it will be used (if it is in the supported list)
- otherwise defaultHashFunc will be used (if it is in the supported list)
func FormatSignatureAlgorithmFlag ¶ added in v1.8.13
func FormatSignatureAlgorithmFlag(algorithm v1.PublicKeyDetails) (string, error)
FormatSignatureAlgorithmFlag formats a v1.PublicKeyDetails to a string that conforms to the naming conventions of CLI arguments that are used for Sigstore services.
func GetDefaultPublicKeyDetails ¶ added in v1.9.1
func GetDefaultPublicKeyDetails(publicKey crypto.PublicKey, opts ...LoadOption) (v1.PublicKeyDetails, error)
GetDefaultPublicKeyDetails returns the default public key details for a given key.
RSA 2048 => v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_2048_SHA256
RSA 3072 => v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_3072_SHA256
RSA 4096 => v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_4096_SHA256
ECDSA P256 => v1.PublicKeyDetails_PKIX_ECDSA_P256_SHA_256
ECDSA P384 => v1.PublicKeyDetails_PKIX_ECDSA_P384_SHA_384
ECDSA P521 => v1.PublicKeyDetails_PKIX_ECDSA_P521_SHA_512
ED25519 => v1.PublicKeyDetails_PKIX_ED25519_PH
This function accepts LoadOptions, which are used to determine the default public key details when there may be ambiguities. For example, RSA keys may be PSS or PKCS1v1.5 encoded, and ED25519 keys may be used with PureEd25519 or with Ed25519ph. The Hash option is ignored if passed, because each of the supported algorithms already has a default hash.
func ParseSignatureAlgorithmFlag ¶ added in v1.8.13
func ParseSignatureAlgorithmFlag(flag string) (v1.PublicKeyDetails, error)
ParseSignatureAlgorithmFlag parses a string produced by FormatSignatureAlgorithmFlag and returns the corresponding v1.PublicKeyDetails value.
func SignImage ¶
func SignImage(signer SignerVerifier, image name.Digest, optionalAnnotations map[string]interface{}) (payload, signature []byte, err error)
SignImage signs a container manifest using the specified signer object
func VerifyImageSignature ¶
func VerifyImageSignature(signer SignerVerifier, payload, signature []byte) (image name.Digest, annotations map[string]interface{}, err error)
VerifyImageSignature verifies a signature over a container manifest
Types ¶
type AlgorithmDetails ¶ added in v1.9.0
type AlgorithmDetails struct {
// contains filtered or unexported fields
}
AlgorithmDetails exposes relevant information for a given signature algorithm.
func GetAlgorithmDetails ¶ added in v1.9.0
func GetAlgorithmDetails(knownSignatureAlgorithm v1.PublicKeyDetails) (AlgorithmDetails, error)
GetAlgorithmDetails retrieves a set of details for a given v1.PublicKeyDetails flag that allows users to introspect the public key algorithm, hash algorithm and more.
func GetDefaultAlgorithmDetails ¶ added in v1.9.1
func GetDefaultAlgorithmDetails(publicKey crypto.PublicKey, opts ...LoadOption) (AlgorithmDetails, error)
GetDefaultAlgorithmDetails returns the default algorithm details for a given key, according to GetDefaultPublicKeyDetails.
This function accepts LoadOptions, which are used to determine the default algorithm details when there may be ambiguities. For example, RSA keys may be PSS or PKCS1v1.5 encoded, and ED25519 keys may be used with PureEd25519 or with Ed25519ph. The Hash option is ignored if passed, because each of the supported algorithms already has a default hash.
func (AlgorithmDetails) GetECDSACurve ¶ added in v1.9.0
func (a AlgorithmDetails) GetECDSACurve() (*elliptic.Curve, error)
GetECDSACurve returns the elliptic curve for the algorithm details, if the key type is ECDSA.
func (AlgorithmDetails) GetHashType ¶ added in v1.9.0
func (a AlgorithmDetails) GetHashType() crypto.Hash
GetHashType returns the hash algorithm that should be used with this algorithm.
func (AlgorithmDetails) GetKeyType ¶ added in v1.9.0
func (a AlgorithmDetails) GetKeyType() PublicKeyType
GetKeyType returns the PublicKeyType for the algorithm details.
func (AlgorithmDetails) GetProtoHashType ¶ added in v1.9.3
func (a AlgorithmDetails) GetProtoHashType() v1.HashAlgorithm
GetProtoHashType is a convenience method to get the protobuf-specs type of the hash algorithm.
func (AlgorithmDetails) GetRSAKeySize ¶ added in v1.9.0
func (a AlgorithmDetails) GetRSAKeySize() (RSAKeySize, error)
GetRSAKeySize returns the RSA key size for the algorithm details, if the key type is RSA.
func (AlgorithmDetails) GetSignatureAlgorithm ¶ added in v1.9.0
func (a AlgorithmDetails) GetSignatureAlgorithm() v1.PublicKeyDetails
GetSignatureAlgorithm returns the PublicKeyDetails associated with the algorithm details.
type AlgorithmRegistryConfig ¶ added in v1.8.13
type AlgorithmRegistryConfig struct {
// contains filtered or unexported fields
}
AlgorithmRegistryConfig represents a set of permitted algorithms for a given Sigstore service or component.
Individual services may wish to restrict what algorithms are allowed to a subset of what is covered in the algorithm registry (represented by v1.PublicKeyDetails).
func NewAlgorithmRegistryConfig ¶ added in v1.8.13
func NewAlgorithmRegistryConfig(algorithmConfig []v1.PublicKeyDetails) (*AlgorithmRegistryConfig, error)
NewAlgorithmRegistryConfig creates a new AlgorithmRegistryConfig for a set of permitted signature algorithms.
func (AlgorithmRegistryConfig) IsAlgorithmPermitted ¶ added in v1.8.13
func (registryConfig AlgorithmRegistryConfig) IsAlgorithmPermitted(key crypto.PublicKey, hash crypto.Hash) (bool, error)
IsAlgorithmPermitted checks whether a given public key/hash algorithm combination is permitted by a registry config.
type ECDSASigner ¶
type ECDSASigner struct {
// contains filtered or unexported fields
}
ECDSASigner is a signature.Signer that uses an Elliptic Curve DSA algorithm
func LoadECDSASigner ¶
func LoadECDSASigner(priv *ecdsa.PrivateKey, hf crypto.Hash) (*ECDSASigner, error)
LoadECDSASigner calculates signatures using the specified private key and hash algorithm.
hf must not be crypto.Hash(0).
func (ECDSASigner) Public ¶
func (e ECDSASigner) Public() crypto.PublicKey
Public returns the public key that can be used to verify signatures created by this signer.
func (ECDSASigner) PublicKey ¶
func (e ECDSASigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.
func (ECDSASigner) Sign ¶
func (e ECDSASigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign computes the signature for the specified digest. If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).
If opts are specified, the hash function in opts.Hash should be the one used to compute digest. If opts are not specified, the value provided when the signer was created will be used instead.
func (ECDSASigner) SignMessage ¶
func (e ECDSASigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
SignMessage signs the provided message. If the message is provided, this method will compute the digest according to the hash function specified when the ECDSASigner was created.
This function recognizes the following Options listed in order of preference:
- WithRand()
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
type ECDSASignerVerifier ¶
type ECDSASignerVerifier struct { *ECDSASigner *ECDSAVerifier }
ECDSASignerVerifier is a signature.SignerVerifier that uses an Elliptic Curve DSA algorithm
func LoadECDSASignerVerifier ¶
func LoadECDSASignerVerifier(priv *ecdsa.PrivateKey, hf crypto.Hash) (*ECDSASignerVerifier, error)
LoadECDSASignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ECDSASigner and ECDSAVerifier.
func NewDefaultECDSASignerVerifier ¶
func NewDefaultECDSASignerVerifier() (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)
NewDefaultECDSASignerVerifier creates a combined signer and verifier using ECDSA.
This creates a new ECDSA key using the P-256 curve and uses the SHA256 hashing algorithm.
func NewECDSASignerVerifier ¶
func NewECDSASignerVerifier(curve elliptic.Curve, rand io.Reader, hashFunc crypto.Hash) (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)
NewECDSASignerVerifier creates a combined signer and verifier using ECDSA.
This creates a new ECDSA key using the specified elliptic curve, entropy source, and hashing function.
func (ECDSASignerVerifier) PublicKey ¶
func (e ECDSASignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
type ECDSAVerifier ¶
type ECDSAVerifier struct {
// contains filtered or unexported fields
}
ECDSAVerifier is a signature.Verifier that uses an Elliptic Curve DSA algorithm
func LoadECDSAVerifier ¶
LoadECDSAVerifier returns a Verifier that verifies signatures using the specified ECDSA public key and hash algorithm.
hf must not be crypto.Hash(0).
func (ECDSAVerifier) PublicKey ¶
func (e ECDSAVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (ECDSAVerifier) VerifySignature ¶
func (e ECDSAVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the ECDSAVerifier was created.
This function returns nil if the verification succeeded, and an error message otherwise.
This function recognizes the following Options listed in order of preference:
- WithDigest()
All other options are ignored if specified.
type ED25519Signer ¶
type ED25519Signer struct {
// contains filtered or unexported fields
}
ED25519Signer is a signature.Signer that uses the Ed25519 public-key signature system
func LoadED25519Signer ¶
func LoadED25519Signer(priv ed25519.PrivateKey) (*ED25519Signer, error)
LoadED25519Signer calculates signatures using the specified private key.
func (ED25519Signer) Public ¶
func (e ED25519Signer) Public() crypto.PublicKey
Public returns the public key that can be used to verify signatures created by this signer.
func (ED25519Signer) PublicKey ¶
func (e ED25519Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.
func (ED25519Signer) Sign ¶
func (e ED25519Signer) Sign(_ io.Reader, message []byte, _ crypto.SignerOpts) ([]byte, error)
Sign computes the signature for the specified message; the first and third arguments to this function are ignored as they are not used by the ED25519 algorithm.
func (ED25519Signer) SignMessage ¶
func (e ED25519Signer) SignMessage(message io.Reader, _ ...SignOption) ([]byte, error)
SignMessage signs the provided message. Passing the WithDigest option is not supported as ED25519 performs a two pass hash over the message during the signing process.
All options are ignored.
type ED25519SignerVerifier ¶
type ED25519SignerVerifier struct { *ED25519Signer *ED25519Verifier }
ED25519SignerVerifier is a signature.SignerVerifier that uses the Ed25519 public-key signature system
func LoadED25519SignerVerifier ¶
func LoadED25519SignerVerifier(priv ed25519.PrivateKey) (*ED25519SignerVerifier, error)
LoadED25519SignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ED25519Signer and ED25519Verifier.
func NewDefaultED25519SignerVerifier ¶ added in v1.1.0
func NewDefaultED25519SignerVerifier() (*ED25519SignerVerifier, ed25519.PrivateKey, error)
NewDefaultED25519SignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using crypto/rand as an entropy source.
func NewED25519SignerVerifier ¶
func NewED25519SignerVerifier(rand io.Reader) (*ED25519SignerVerifier, ed25519.PrivateKey, error)
NewED25519SignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using the specified entropy source.
func (ED25519SignerVerifier) PublicKey ¶
func (e ED25519SignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
type ED25519Verifier ¶
type ED25519Verifier struct {
// contains filtered or unexported fields
}
ED25519Verifier is a signature.Verifier that uses the Ed25519 public-key signature system
func LoadED25519Verifier ¶
func LoadED25519Verifier(pub ed25519.PublicKey) (*ED25519Verifier, error)
LoadED25519Verifier returns a Verifier that verifies signatures using the specified ED25519 public key.
func (*ED25519Verifier) PublicKey ¶
func (e *ED25519Verifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (*ED25519Verifier) VerifySignature ¶
func (e *ED25519Verifier) VerifySignature(signature, message io.Reader, _ ...VerifyOption) error
VerifySignature verifies the signature for the given message.
This function returns nil if the verification succeeded, and an error message otherwise.
All options are ignored if specified.
type ED25519phSigner ¶ added in v1.8.2
type ED25519phSigner struct {
// contains filtered or unexported fields
}
ED25519phSigner is a signature.Signer that uses the Ed25519 public-key signature system with pre-hashing
func LoadED25519phSigner ¶ added in v1.8.2
func LoadED25519phSigner(priv ed25519.PrivateKey) (*ED25519phSigner, error)
LoadED25519phSigner calculates signatures using the specified private key.
func (ED25519phSigner) Public ¶ added in v1.8.2
func (e ED25519phSigner) Public() crypto.PublicKey
Public returns the public key that can be used to verify signatures created by this signer.
func (ED25519phSigner) PublicKey ¶ added in v1.8.2
func (e ED25519phSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.
func (ED25519phSigner) Sign ¶ added in v1.8.2
func (e ED25519phSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)
Sign computes the signature for the specified digest; the first and third arguments to this function are ignored as they are not used by the ED25519ph algorithm.
func (ED25519phSigner) SignMessage ¶ added in v1.8.2
func (e ED25519phSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
SignMessage signs the provided message. If the message is provided, this method will compute the digest according to the hash function specified when the ED25519phSigner was created.
This function recognizes the following Options listed in order of preference:
- WithDigest()
All other options are ignored if specified.
type ED25519phSignerVerifier ¶ added in v1.8.2
type ED25519phSignerVerifier struct { *ED25519phSigner *ED25519phVerifier }
ED25519phSignerVerifier is a signature.SignerVerifier that uses the Ed25519 public-key signature system with pre-hashing
func LoadED25519phSignerVerifier ¶ added in v1.8.2
func LoadED25519phSignerVerifier(priv ed25519.PrivateKey) (*ED25519phSignerVerifier, error)
LoadED25519phSignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ED25519phSigner and ED25519phVerifier.
func NewDefaultED25519phSignerVerifier ¶ added in v1.8.2
func NewDefaultED25519phSignerVerifier() (*ED25519phSignerVerifier, ed25519.PrivateKey, error)
NewDefaultED25519phSignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using crypto/rand as an entropy source.
func NewED25519phSignerVerifier ¶ added in v1.8.2
func NewED25519phSignerVerifier(rand io.Reader) (*ED25519phSignerVerifier, ed25519.PrivateKey, error)
NewED25519phSignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using the specified entropy source.
func (ED25519phSignerVerifier) PublicKey ¶ added in v1.8.2
func (e ED25519phSignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (ED25519phSignerVerifier) ToED25519SignerVerifier ¶ added in v1.8.2
func (e ED25519phSignerVerifier) ToED25519SignerVerifier() (*ED25519SignerVerifier, error)
ToED25519SignerVerifier creates an ED25519SignerVerifier from an ED25519phSignerVerifier.
Clients that use ED25519phSignerVerifier should use this method to get a SignerVerifier that uses the same ED25519 private key, but with the Pure Ed25519 algorithm. This might be necessary to interact with Fulcio, which only supports the Pure Ed25519 algorithm.
type ED25519phVerifier ¶ added in v1.8.2
type ED25519phVerifier struct {
// contains filtered or unexported fields
}
ED25519phVerifier is a signature.Verifier that uses the Ed25519 public-key signature system with pre-hashing
func LoadED25519phVerifier ¶ added in v1.8.2
func LoadED25519phVerifier(pub ed25519.PublicKey) (*ED25519phVerifier, error)
LoadED25519phVerifier returns a Verifier that verifies signatures using the specified ED25519 public key.
func (*ED25519phVerifier) PublicKey ¶ added in v1.8.2
func (e *ED25519phVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (*ED25519phVerifier) VerifySignature ¶ added in v1.8.2
func (e *ED25519phVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the ED25519phVerifier was created.
This function returns nil if the verification succeeded, and an error message otherwise.
This function recognizes the following Options listed in order of preference:
- WithDigest()
All other options are ignored if specified.
type LoadOption ¶ added in v1.8.2
type LoadOption interface { ApplyHash(*crypto.Hash) ApplyED25519ph(*bool) ApplyRSAPSS(**rsa.PSSOptions) }
LoadOption specifies options to be used when creating a Signer/Verifier
func GetOptsFromAlgorithmDetails ¶ added in v1.9.2
func GetOptsFromAlgorithmDetails(algorithmDetails AlgorithmDetails, opts ...LoadOption) []LoadOption
GetOptsFromAlgorithmDetails returns a list of LoadOptions that are appropriate for the given algorithm details. It ignores the hash type because that can be retrieved from the algorithm details.
type MessageOption ¶
type MessageOption interface { ApplyDigest(*[]byte) ApplyCryptoSignerOpts(*crypto.SignerOpts) }
MessageOption specifies options to be used when processing messages during signing or verification
type PublicKeyOption ¶
type PublicKeyOption interface { RPCOption }
PublicKeyOption specifies options to be used when obtaining a public key
type PublicKeyProvider ¶
type PublicKeyProvider interface {
PublicKey(opts ...PublicKeyOption) (crypto.PublicKey, error)
}
PublicKeyProvider returns a PublicKey associated with a digital signature
type PublicKeyType ¶ added in v1.8.13
type PublicKeyType uint
PublicKeyType represents the public key algorithm for a given signature algorithm.
const (
	// RSA public key
	RSA PublicKeyType = iota
	// ECDSA public key
	ECDSA
	// ED25519 public key
	ED25519
)
type RPCOption ¶
type RPCOption interface { ApplyContext(*context.Context) ApplyRemoteVerification(*bool) ApplyRPCAuthOpts(opts *options.RPCAuth) ApplyKeyVersion(keyVersion *string) }
RPCOption specifies options to be used when performing RPC
type RSAKeySize ¶ added in v1.8.13
type RSAKeySize int
RSAKeySize represents the size of an RSA public key in bits.
type RSAPKCS1v15Signer ¶
type RSAPKCS1v15Signer struct {
// contains filtered or unexported fields
}
RSAPKCS1v15Signer is a signature.Signer that uses the RSA PKCS1v15 algorithm
func LoadRSAPKCS1v15Signer ¶
func LoadRSAPKCS1v15Signer(priv *rsa.PrivateKey, hf crypto.Hash) (*RSAPKCS1v15Signer, error)
LoadRSAPKCS1v15Signer calculates signatures using the specified private key and hash algorithm.
hf must be either SHA256, SHA384, or SHA512.
func (RSAPKCS1v15Signer) Public ¶
func (r RSAPKCS1v15Signer) Public() crypto.PublicKey
Public returns the public key that can be used to verify signatures created by this signer.
func (RSAPKCS1v15Signer) PublicKey ¶
func (r RSAPKCS1v15Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.
func (RSAPKCS1v15Signer) Sign ¶
func (r RSAPKCS1v15Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign computes the signature for the specified digest using PKCS1v15.
If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).
If opts are specified, they should specify the hash function used to compute digest. If opts are not specified, this function assumes the hash function provided when the signer was created was used to create the value specified in digest.
func (RSAPKCS1v15Signer) SignMessage ¶
func (r RSAPKCS1v15Signer) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
SignMessage signs the provided message using PKCS1v15. If the message is provided, this method will compute the digest according to the hash function specified when the RSAPKCS1v15Signer was created.
SignMessage recognizes the following Options listed in order of preference:
- WithRand()
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
type RSAPKCS1v15SignerVerifier ¶
type RSAPKCS1v15SignerVerifier struct { *RSAPKCS1v15Signer *RSAPKCS1v15Verifier }
RSAPKCS1v15SignerVerifier is a signature.SignerVerifier that uses the RSA PKCS1v15 algorithm
func LoadRSAPKCS1v15SignerVerifier ¶
func LoadRSAPKCS1v15SignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash) (*RSAPKCS1v15SignerVerifier, error)
LoadRSAPKCS1v15SignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of RSAPKCS1v15Signer and RSAPKCS1v15Verifier.
func NewDefaultRSAPKCS1v15SignerVerifier ¶
func NewDefaultRSAPKCS1v15SignerVerifier() (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)
NewDefaultRSAPKCS1v15SignerVerifier creates a combined signer and verifier using RSA PKCS1v15. This creates a new RSA key of 2048 bits and uses the SHA256 hashing algorithm.
func NewRSAPKCS1v15SignerVerifier ¶
func NewRSAPKCS1v15SignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)
NewRSAPKCS1v15SignerVerifier creates a combined signer and verifier using RSA PKCS1v15. This creates a new RSA key of the specified length of bits, entropy source, and hash function.
func (RSAPKCS1v15SignerVerifier) PublicKey ¶
func (r RSAPKCS1v15SignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
type RSAPKCS1v15Verifier ¶
type RSAPKCS1v15Verifier struct {
// contains filtered or unexported fields
}
RSAPKCS1v15Verifier is a signature.Verifier that uses the RSA PKCS1v15 algorithm
func LoadRSAPKCS1v15Verifier ¶
func LoadRSAPKCS1v15Verifier(pub *rsa.PublicKey, hashFunc crypto.Hash) (*RSAPKCS1v15Verifier, error)
LoadRSAPKCS1v15Verifier returns a Verifier that verifies signatures using the specified RSA public key and hash algorithm.
hashFunc must be either SHA256, SHA384, or SHA512.
func (RSAPKCS1v15Verifier) PublicKey ¶
func (r RSAPKCS1v15Verifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (RSAPKCS1v15Verifier) VerifySignature ¶
func (r RSAPKCS1v15Verifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
VerifySignature verifies the signature for the given message using PKCS1v15. Unless provided in an option, the digest of the message will be computed using the hash function specified when the RSAPKCS1v15Verifier was created.
This function returns nil if the verification succeeded, and an error message otherwise.
This function recognizes the following Options listed in order of preference:
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
type RSAPSSSigner ¶
type RSAPSSSigner struct {
// contains filtered or unexported fields
}
RSAPSSSigner is a signature.Signer that uses the RSA PSS algorithm
func LoadRSAPSSSigner ¶
func LoadRSAPSSSigner(priv *rsa.PrivateKey, hf crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSSigner, error)
LoadRSAPSSSigner calculates signatures using the specified private key and hash algorithm.
If opts are specified, then they will be stored and used as a default if not overridden by the value passed to Sign().
hf must be either SHA256, SHA384, or SHA512. opts.Hash is ignored.
func (RSAPSSSigner) Public ¶
func (r RSAPSSSigner) Public() crypto.PublicKey
Public returns the public key that can be used to verify signatures created by this signer.
func (RSAPSSSigner) PublicKey ¶
func (r RSAPSSSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.
func (RSAPSSSigner) Sign ¶
func (r RSAPSSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign computes the signature for the specified digest using PSS.
If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).
If opts are specified, they must be *rsa.PSSOptions. If opts are not specified, the hash function provided when the signer was created will be assumed.
func (RSAPSSSigner) SignMessage ¶
func (r RSAPSSSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
SignMessage signs the provided message using PSS. If the message is provided, this method will compute the digest according to the hash function specified when the RSAPSSSigner was created.
This function recognizes the following Options listed in order of preference:
- WithRand()
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
type RSAPSSSignerVerifier ¶
type RSAPSSSignerVerifier struct { *RSAPSSSigner *RSAPSSVerifier }
RSAPSSSignerVerifier is a signature.SignerVerifier that uses the RSA PSS algorithm
func LoadRSAPSSSignerVerifier ¶
func LoadRSAPSSSignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSSignerVerifier, error)
LoadRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This is a convenience object that simply wraps an instance of RSAPSSSigner and RSAPSSVerifier.
func NewDefaultRSAPSSSignerVerifier ¶
func NewDefaultRSAPSSSignerVerifier() (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)
NewDefaultRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This creates a new RSA key of 2048 bits and uses the SHA256 hashing algorithm.
func NewRSAPSSSignerVerifier ¶
func NewRSAPSSSignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)
NewRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This creates a new RSA key of the specified length of bits, entropy source, and hash function.
func (RSAPSSSignerVerifier) PublicKey ¶
func (r RSAPSSSignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
type RSAPSSVerifier ¶
type RSAPSSVerifier struct {
// contains filtered or unexported fields
}
RSAPSSVerifier is a signature.Verifier that uses the RSA PSS algorithm
func LoadRSAPSSVerifier ¶
func LoadRSAPSSVerifier(pub *rsa.PublicKey, hashFunc crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSVerifier, error)
LoadRSAPSSVerifier verifies signatures using the specified public key and hash algorithm.
hashFunc must be either SHA256, SHA384, or SHA512. opts.Hash is ignored.
func (RSAPSSVerifier) PublicKey ¶
func (r RSAPSSVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)
PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.
func (RSAPSSVerifier) VerifySignature ¶
func (r RSAPSSVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
VerifySignature verifies the signature for the given message using PSS. Unless provided in an option, the digest of the message will be computed using the hash function specified when the RSAPSSVerifier was created.
This function returns nil if the verification succeeded, and an error message otherwise.
This function recognizes the following Options listed in order of preference:
- WithDigest()
- WithCryptoSignerOpts()
All other options are ignored if specified.
type SignOption ¶
type SignOption interface { RPCOption MessageOption ApplyRand(*io.Reader) ApplyKeyVersionUsed(**string) }
SignOption specifies options to be used when signing a message
type Signer ¶
type Signer interface { PublicKeyProvider SignMessage(message io.Reader, opts ...SignOption) ([]byte, error) }
Signer creates digital signatures over a message using a specified key pair
func LoadDefaultSigner ¶ added in v1.9.1
func LoadDefaultSigner(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error)
LoadDefaultSigner returns a signature.Signer based on the private key. Each private key has a corresponding PublicKeyDetails associated in the Sigstore ecosystem, see Algorithm Registry for more details.
func LoadSigner ¶
LoadSigner returns a signature.Signer based on the algorithm of the private key provided.
If privateKey is an RSA key, a RSAPKCS1v15Signer will be returned. If a RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() method directly.
func LoadSignerFromAlgorithmDetails ¶ added in v1.9.2
func LoadSignerFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (Signer, error)
LoadSignerFromAlgorithmDetails returns a signature.Signer based on the algorithm details and the user's choice of options.
func LoadSignerFromPEMFile ¶
func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (Signer, error)
LoadSignerFromPEMFile returns a signature.Signer based on the algorithm of the private key in the file. The Signer will use the hash function specified when computing digests.
If key is an RSA key, a RSAPKCS1v15Signer will be returned. If a RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() and cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
func LoadSignerFromPEMFileWithOpts ¶ added in v1.8.2
func LoadSignerFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (Signer, error)
LoadSignerFromPEMFileWithOpts returns a signature.Signer based on the algorithm of the private key in the file. The Signer will use the hash function specified in the options when computing digests.
func LoadSignerWithOpts ¶ added in v1.8.2
func LoadSignerWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error)
LoadSignerWithOpts returns a signature.Signer based on the algorithm of the private key provided.
type SignerOpts ¶
type SignerOpts struct { Hash crypto.Hash Opts []SignOption }
SignerOpts implements crypto.SignerOpts but also allows callers to specify additional options that may be utilized in signing the digest provided.
func (SignerOpts) HashFunc ¶
func (s SignerOpts) HashFunc() crypto.Hash
HashFunc returns the hash function for this object
type SignerVerifier ¶
SignerVerifier creates and verifies digital signatures over a message using a specified key pair
func LoadDefaultSignerVerifier ¶ added in v1.9.1
func LoadDefaultSignerVerifier(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error)
LoadDefaultSignerVerifier returns a signature.SignerVerifier based on the private key. Each private key has a corresponding PublicKeyDetails associated in the Sigstore ecosystem, see Algorithm Registry for more details.
func LoadSignerVerifier ¶
func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (SignerVerifier, error)
LoadSignerVerifier returns a signature.SignerVerifier based on the algorithm of the private key provided.
If privateKey is an RSA key, a RSAPKCS1v15SignerVerifier will be returned. If a RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() method directly.
func LoadSignerVerifierFromAlgorithmDetails ¶ added in v1.9.2
func LoadSignerVerifierFromAlgorithmDetails(privateKey crypto.PrivateKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (SignerVerifier, error)
LoadSignerVerifierFromAlgorithmDetails returns a signature.SignerVerifier based on the algorithm details and the user's choice of options.
func LoadSignerVerifierFromPEMFile ¶
func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (SignerVerifier, error)
LoadSignerVerifierFromPEMFile returns a signature.SignerVerifier based on the algorithm of the private key in the file. The SignerVerifier will use the hash function specified when computing digests.
If the private key in the file is an RSA key, a RSAPKCS1v15SignerVerifier will be returned. If a RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() and cryptoutils.UnmarshalPEMToPrivateKey() methods directly.
func LoadSignerVerifierFromPEMFileWithOpts ¶ added in v1.8.2
func LoadSignerVerifierFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (SignerVerifier, error)
LoadSignerVerifierFromPEMFileWithOpts returns a signature.SignerVerifier based on the algorithm of the private key in the file. The SignerVerifier will use the hash function specified in the options when computing digests.
func LoadSignerVerifierWithOpts ¶ added in v1.8.2
func LoadSignerVerifierWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error)
LoadSignerVerifierWithOpts returns a signature.SignerVerifier based on the algorithm of the private key provided and the user's choice.
type Verifier ¶
type Verifier interface { PublicKeyProvider VerifySignature(signature, message io.Reader, opts ...VerifyOption) error }
Verifier verifies the digital signature using a specified public key
func LoadDefaultVerifier ¶ added in v1.9.1
func LoadDefaultVerifier(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error)
LoadDefaultVerifier returns a signature.Verifier based on the public key. Each public key has a corresponding PublicKeyDetails associated in the Sigstore ecosystem, see Algorithm Registry for more details.
func LoadUnsafeVerifier ¶ added in v1.3.0
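LoadUnsafeVerifier returns a signature.Verifier based on the algorithm of the public key provided that will use SHA1 when computing digests for RSA and ECDSA signatures. SHA1 is not collision resistant, so this verifier is suitable only for checking legacy signatures that were already made with SHA1; for anything else, use LoadVerifier with a stronger hash function.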
If publicKey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() method directly.
func LoadVerifier ¶
LoadVerifier returns a signature.Verifier based on the algorithm of the public key provided that will use the hash function specified when computing digests.
If publicKey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() method directly.
func LoadVerifierFromAlgorithmDetails ¶ added in v1.9.2
func LoadVerifierFromAlgorithmDetails(publicKey crypto.PublicKey, algorithmDetails AlgorithmDetails, opts ...LoadOption) (Verifier, error)
LoadVerifierFromAlgorithmDetails returns a signature.Verifier based on the algorithm details and the user's choice of options.
func LoadVerifierFromPEMFile ¶
LoadVerifierFromPEMFile returns a signature.Verifier based on the contents of a file located at path. The Verifier will use the hash function specified when computing digests.
If the public key is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() and cryptoutils.UnmarshalPEMToPublicKey() methods directly.
func LoadVerifierFromPEMFileWithOpts ¶ added in v1.8.2
func LoadVerifierFromPEMFileWithOpts(path string, opts ...LoadOption) (Verifier, error)
LoadVerifierFromPEMFileWithOpts returns a signature.Verifier based on the contents of a file located at path. The Verifier will use the hash function specified in the options when computing digests.
func LoadVerifierWithOpts ¶ added in v1.8.2
func LoadVerifierWithOpts(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error)
LoadVerifierWithOpts returns a signature.Verifier based on the algorithm of the public key provided that will use the hash function specified when computing digests.
type VerifyOption ¶
type VerifyOption interface { RPCOption MessageOption }
VerifyOption specifies options to be used when verifying a signature
Directories
¶
Path | Synopsis |
---|---|
Package dsse includes wrappers to support DSSE
|
Package dsse includes wrappers to support DSSE |
Package kms contains utilities related to third-party KMS providers.
|
Package kms contains utilities related to third-party KMS providers. |
cliplugin
Package cliplugin implements the plugin functionality.
|
Package cliplugin implements the plugin functionality. |
cliplugin/common
Package common defines the JSON schema for plugin arguments and return values.
|
Package common defines the JSON schema for plugin arguments and return values. |
cliplugin/encoding
Package encoding has helper functions for encoding and decoding some method arguments and return values.
|
Package encoding has helper functions for encoding and decoding some method arguments and return values. |
cliplugin/handler
Package handler implements helper functions for plugins written in go.
|
Package handler implements helper functions for plugins written in go. |
cliplugin/internal/signerverifier
Package signerverifier contains the interface to be implemented by KMSs.
|
Package signerverifier contains the interface to be implemented by KMSs. |
fake
Package fake contains utilities to help test KMS providers.
|
Package fake contains utilities to help test KMS providers. |
aws
module
|
|
azure
module
|
|
gcp
module
|
|
hashivault
module
|
|
Package options defines options for KMS clients
|
Package options defines options for KMS clients |
Package payload contains types and utilities related to the Cosign signature format.
|
Package payload contains types and utilities related to the Cosign signature format. |
Package ssh implements signing with SSH keys
|
Package ssh implements signing with SSH keys |
Package tink contains utilities for interacting with Tink.
|
Package tink contains utilities for interacting with Tink. |