signature

package
v0.0.0-...-e9cdb6e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 18, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package signature contains types and utilities related to Sigstore signatures.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeDigestForSigning 

func ComputeDigestForSigning(rawMessage io.Reader, defaultHashFunc crypto.Hash, supportedHashFuncs []crypto.Hash, opts ...SignOption) (digest []byte, hashedWith crypto.Hash, err error)

ComputeDigestForSigning calculates the digest value for the specified message using a hash function selected by the following process:

- if a digest value is already specified in a SignOption and the length of the digest matches that of the selected hash function, the digest value will be returned without any further computation - if a hash function is given using WithCryptoSignerOpts(opts) as a SignOption, it will be used (if it is in the supported list) - otherwise defaultHashFunc will be used (if it is in the supported list)

func ComputeDigestForVerifying 

func ComputeDigestForVerifying(rawMessage io.Reader, defaultHashFunc crypto.Hash, supportedHashFuncs []crypto.Hash, opts ...VerifyOption) (digest []byte, hashedWith crypto.Hash, err error)

ComputeDigestForVerifying calculates the digest value for the specified message using a hash function selected by the following process:

- if a digest value is already specified in a SignOption and the length of the digest matches that of the selected hash function, the digest value will be returned without any further computation - if a hash function is given using WithCryptoSignerOpts(opts) as a SignOption, it will be used (if it is in the supported list) - otherwise defaultHashFunc will be used (if it is in the supported list)

func SignImage 

func SignImage(signer SignerVerifier, image name.Digest, optionalAnnotations map[string]interface{}) (payload, signature []byte, err error)

SignImage signs a container manifest using the specified signer object

func VerifyImageSignature 

func VerifyImageSignature(signer SignerVerifier, payload, signature []byte) (image name.Digest, annotations map[string]interface{}, err error)

VerifyImageSignature verifies a signature over a container manifest

Types

type ECDSASigner 

type ECDSASigner struct {
	// contains filtered or unexported fields
}

ECDSASigner is a signature.Signer that uses an Elliptic Curve DSA algorithm

func LoadECDSASigner 

func LoadECDSASigner(priv *ecdsa.PrivateKey, hf crypto.Hash) (*ECDSASigner, error)

LoadECDSASigner calculates signatures using the specified private key and hash algorithm.

hf must not be crypto.Hash(0).

func (ECDSASigner) Public 

func (e ECDSASigner) Public() crypto.PublicKey

Public returns the public key that can be used to verify signatures created by this signer.

func (ECDSASigner) PublicKey 

func (e ECDSASigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.

func (ECDSASigner) Sign 

func (e ECDSASigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign computes the signature for the specified digest. If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).

If opts are specified, the hash function in opts.Hash should be the one used to compute digest. If opts are not specified, the value provided when the signer was created will be used instead.

func (ECDSASigner) SignMessage 

func (e ECDSASigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)

SignMessage signs the provided message. If the message is provided, this method will compute the digest according to the hash function specified when the ECDSASigner was created.

This function recognizes the following Options listed in order of preference:

- WithRand()

- WithDigest()

- WithCryptoSignerOpts()

All other options are ignored if specified.

type ECDSASignerVerifier 

type ECDSASignerVerifier struct {
	*ECDSASigner
	*ECDSAVerifier
}

ECDSASignerVerifier is a signature.SignerVerifier that uses an Elliptic Curve DSA algorithm

func LoadECDSASignerVerifier 

func LoadECDSASignerVerifier(priv *ecdsa.PrivateKey, hf crypto.Hash) (*ECDSASignerVerifier, error)

LoadECDSASignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ECDSASigner and ECDSAVerifier.

func NewDefaultECDSASignerVerifier 

func NewDefaultECDSASignerVerifier() (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)

NewDefaultECDSASignerVerifier creates a combined signer and verifier using ECDSA.

This creates a new ECDSA key using the P-256 curve and uses the SHA256 hashing algorithm.

func NewECDSASignerVerifier 

func NewECDSASignerVerifier(curve elliptic.Curve, rand io.Reader, hashFunc crypto.Hash) (*ECDSASignerVerifier, *ecdsa.PrivateKey, error)

NewECDSASignerVerifier creates a combined signer and verifier using ECDSA.

This creates a new ECDSA key using the specified elliptic curve, entropy source, and hashing function.

func (ECDSASignerVerifier) PublicKey 

func (e ECDSASignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

type ECDSAVerifier 

type ECDSAVerifier struct {
	// contains filtered or unexported fields
}

ECDSAVerifier is a signature.Verifier that uses an Elliptic Curve DSA algorithm

func LoadECDSAVerifier 

func LoadECDSAVerifier(pub *ecdsa.PublicKey, hashFunc crypto.Hash) (*ECDSAVerifier, error)

LoadECDSAVerifier returns a Verifier that verifies signatures using the specified ECDSA public key and hash algorithm.

hf must not be crypto.Hash(0).

func (ECDSAVerifier) PublicKey 

func (e ECDSAVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (ECDSAVerifier) VerifySignature 

func (e ECDSAVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error

VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the ECDSAVerifier was created.

This function returns nil if the verification succeeded, and an error message otherwise.

This function recognizes the following Options listed in order of preference:

- WithDigest()

All other options are ignored if specified.

type ED25519Signer 

type ED25519Signer struct {
	// contains filtered or unexported fields
}

ED25519Signer is a signature.Signer that uses the Ed25519 public-key signature system

func LoadED25519Signer 

func LoadED25519Signer(priv ed25519.PrivateKey) (*ED25519Signer, error)

LoadED25519Signer calculates signatures using the specified private key.

func (ED25519Signer) Public 

func (e ED25519Signer) Public() crypto.PublicKey

Public returns the public key that can be used to verify signatures created by this signer.

func (ED25519Signer) PublicKey 

func (e ED25519Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.

func (ED25519Signer) Sign 

func (e ED25519Signer) Sign(_ io.Reader, message []byte, _ crypto.SignerOpts) ([]byte, error)

Sign computes the signature for the specified message; the first and third arguments to this function are ignored as they are not used by the ED25519 algorithm.

func (ED25519Signer) SignMessage 

func (e ED25519Signer) SignMessage(message io.Reader, _ ...SignOption) ([]byte, error)

SignMessage signs the provided message. Passing the WithDigest option is not supported as ED25519 performs a two pass hash over the message during the signing process.

All options are ignored.

type ED25519SignerVerifier 

type ED25519SignerVerifier struct {
	*ED25519Signer
	*ED25519Verifier
}

ED25519SignerVerifier is a signature.SignerVerifier that uses the Ed25519 public-key signature system

func LoadED25519SignerVerifier 

func LoadED25519SignerVerifier(priv ed25519.PrivateKey) (*ED25519SignerVerifier, error)

LoadED25519SignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ED25519Signer and ED25519Verifier.

func NewDefaultED25519SignerVerifier 

func NewDefaultED25519SignerVerifier() (*ED25519SignerVerifier, ed25519.PrivateKey, error)

NewDefaultED25519SignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using crypto/rand as an entropy source.

func NewED25519SignerVerifier 

func NewED25519SignerVerifier(rand io.Reader) (*ED25519SignerVerifier, ed25519.PrivateKey, error)

NewED25519SignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using the specified entropy source.

func (ED25519SignerVerifier) PublicKey 

func (e ED25519SignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

type ED25519Verifier 

type ED25519Verifier struct {
	// contains filtered or unexported fields
}

ED25519Verifier is a signature.Verifier that uses the Ed25519 public-key signature system

func LoadED25519Verifier 

func LoadED25519Verifier(pub ed25519.PublicKey) (*ED25519Verifier, error)

LoadED25519Verifier returns a Verifier that verifies signatures using the specified ED25519 public key.

func (*ED25519Verifier) PublicKey 

func (e *ED25519Verifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (*ED25519Verifier) VerifySignature 

func (e *ED25519Verifier) VerifySignature(signature, message io.Reader, _ ...VerifyOption) error

VerifySignature verifies the signature for the given message.

This function returns nil if the verification succeeded, and an error message otherwise.

All options are ignored if specified.

type ED25519phSigner 

type ED25519phSigner struct {
	// contains filtered or unexported fields
}

ED25519phSigner is a signature.Signer that uses the Ed25519 public-key signature system with pre-hashing

func LoadED25519phSigner 

func LoadED25519phSigner(priv ed25519.PrivateKey) (*ED25519phSigner, error)

LoadED25519phSigner calculates signatures using the specified private key.

func (ED25519phSigner) Public 

func (e ED25519phSigner) Public() crypto.PublicKey

Public returns the public key that can be used to verify signatures created by this signer.

func (ED25519phSigner) PublicKey 

func (e ED25519phSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.

func (ED25519phSigner) Sign 

func (e ED25519phSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)

Sign computes the signature for the specified message; the first and third arguments to this function are ignored as they are not used by the ED25519ph algorithm.

func (ED25519phSigner) SignMessage 

func (e ED25519phSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)

SignMessage signs the provided message. If the message is provided, this method will compute the digest according to the hash function specified when the ED25519phSigner was created.

This function recognizes the following Options listed in order of preference:

- WithDigest()

All other options are ignored if specified.

type ED25519phSignerVerifier 

type ED25519phSignerVerifier struct {
	*ED25519phSigner
	*ED25519phVerifier
}

ED25519phSignerVerifier is a signature.SignerVerifier that uses the Ed25519 public-key signature system

func LoadED25519phSignerVerifier 

func LoadED25519phSignerVerifier(priv ed25519.PrivateKey) (*ED25519phSignerVerifier, error)

LoadED25519phSignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of ED25519phSigner and ED25519phVerifier.

func NewDefaultED25519phSignerVerifier 

func NewDefaultED25519phSignerVerifier() (*ED25519phSignerVerifier, ed25519.PrivateKey, error)

NewDefaultED25519phSignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using crypto/rand as an entropy source.

func NewED25519phSignerVerifier 

func NewED25519phSignerVerifier(rand io.Reader) (*ED25519phSignerVerifier, ed25519.PrivateKey, error)

NewED25519phSignerVerifier creates a combined signer and verifier using ED25519. This creates a new ED25519 key using the specified entropy source.

func (ED25519phSignerVerifier) PublicKey 

func (e ED25519phSignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (ED25519phSignerVerifier) ToED25519SignerVerifier 

func (e ED25519phSignerVerifier) ToED25519SignerVerifier() (*ED25519SignerVerifier, error)

ToED25519SignerVerifier creates a ED25519SignerVerifier from a ED25519phSignerVerifier

Clients that use ED25519phSignerVerifier should use this method to get a SignerVerifier that uses the same ED25519 private key, but with the Pure Ed25519 algorithm. This might be necessary to interact with Fulcio, which only supports the Pure Ed25519 algorithm.

type ED25519phVerifier 

type ED25519phVerifier struct {
	// contains filtered or unexported fields
}

ED25519phVerifier is a signature.Verifier that uses the Ed25519 public-key signature system

func LoadED25519phVerifier 

func LoadED25519phVerifier(pub ed25519.PublicKey) (*ED25519phVerifier, error)

LoadED25519phVerifier returns a Verifier that verifies signatures using the specified ED25519 public key.

func (*ED25519phVerifier) PublicKey 

func (e *ED25519phVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (*ED25519phVerifier) VerifySignature 

func (e *ED25519phVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error

VerifySignature verifies the signature for the given message. Unless provided in an option, the digest of the message will be computed using the hash function specified when the ED25519phVerifier was created.

This function returns nil if the verification succeeded, and an error message otherwise.

This function recognizes the following Options listed in order of preference:

- WithDigest()

All other options are ignored if specified.

type LoadOption 

type LoadOption interface {
	ApplyHash(*crypto.Hash)
	ApplyED25519ph(*bool)
	ApplyRSAPSS(**rsa.PSSOptions)
}

LoadOption specifies options to be used when creating a Signer/Verifier

type MessageOption 

type MessageOption interface {
	ApplyDigest(*[]byte)
	ApplyCryptoSignerOpts(*crypto.SignerOpts)
}

MessageOption specifies options to be used when processing messages during signing or verification

type PublicKeyOption 

type PublicKeyOption interface {
	RPCOption
}

PublicKeyOption specifies options to be used when obtaining a public key

type PublicKeyProvider 

type PublicKeyProvider interface {
	PublicKey(opts ...PublicKeyOption) (crypto.PublicKey, error)
}

PublicKeyProvider returns a PublicKey associated with a digital signature

type RPCOption 

type RPCOption interface {
	ApplyContext(*context.Context)
	ApplyRemoteVerification(*bool)
	ApplyRPCAuthOpts(opts *options.RPCAuth)
	ApplyKeyVersion(keyVersion *string)
}

RPCOption specifies options to be used when performing RPC

type RSAPKCS1v15Signer 

type RSAPKCS1v15Signer struct {
	// contains filtered or unexported fields
}

RSAPKCS1v15Signer is a signature.Signer that uses the RSA PKCS1v15 algorithm

func LoadRSAPKCS1v15Signer 

func LoadRSAPKCS1v15Signer(priv *rsa.PrivateKey, hf crypto.Hash) (*RSAPKCS1v15Signer, error)

LoadRSAPKCS1v15Signer calculates signatures using the specified private key and hash algorithm.

hf must be either SHA256, SHA388, or SHA512.

func (RSAPKCS1v15Signer) Public 

func (r RSAPKCS1v15Signer) Public() crypto.PublicKey

Public returns the public key that can be used to verify signatures created by this signer.

func (RSAPKCS1v15Signer) PublicKey 

func (r RSAPKCS1v15Signer) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.

func (RSAPKCS1v15Signer) Sign 

func (r RSAPKCS1v15Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign computes the signature for the specified digest using PKCS1v15.

If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).

If opts are specified, they should specify the hash function used to compute digest. If opts are not specified, this function assumes the hash function provided when the signer was created was used to create the value specified in digest.

func (RSAPKCS1v15Signer) SignMessage 

func (r RSAPKCS1v15Signer) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)

SignMessage signs the provided message using PKCS1v15. If the message is provided, this method will compute the digest according to the hash function specified when the RSAPKCS1v15Signer was created.

SignMessage recognizes the following Options listed in order of preference:

- WithRand()

- WithDigest()

- WithCryptoSignerOpts()

All other options are ignored if specified.

type RSAPKCS1v15SignerVerifier 

type RSAPKCS1v15SignerVerifier struct {
	*RSAPKCS1v15Signer
	*RSAPKCS1v15Verifier
}

RSAPKCS1v15SignerVerifier is a signature.SignerVerifier that uses the RSA PKCS1v15 algorithm

func LoadRSAPKCS1v15SignerVerifier 

func LoadRSAPKCS1v15SignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash) (*RSAPKCS1v15SignerVerifier, error)

LoadRSAPKCS1v15SignerVerifier creates a combined signer and verifier. This is a convenience object that simply wraps an instance of RSAPKCS1v15Signer and RSAPKCS1v15Verifier.

func NewDefaultRSAPKCS1v15SignerVerifier 

func NewDefaultRSAPKCS1v15SignerVerifier() (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)

NewDefaultRSAPKCS1v15SignerVerifier creates a combined signer and verifier using RSA PKCS1v15. This creates a new RSA key of 2048 bits and uses the SHA256 hashing algorithm.

func NewRSAPKCS1v15SignerVerifier 

func NewRSAPKCS1v15SignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPKCS1v15SignerVerifier, *rsa.PrivateKey, error)

NewRSAPKCS1v15SignerVerifier creates a combined signer and verifier using RSA PKCS1v15. This creates a new RSA key of the specified length of bits, entropy source, and hash function.

func (RSAPKCS1v15SignerVerifier) PublicKey 

func (r RSAPKCS1v15SignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

type RSAPKCS1v15Verifier 

type RSAPKCS1v15Verifier struct {
	// contains filtered or unexported fields
}

RSAPKCS1v15Verifier is a signature.Verifier that uses the RSA PKCS1v15 algorithm

func LoadRSAPKCS1v15Verifier 

func LoadRSAPKCS1v15Verifier(pub *rsa.PublicKey, hashFunc crypto.Hash) (*RSAPKCS1v15Verifier, error)

LoadRSAPKCS1v15Verifier returns a Verifier that verifies signatures using the specified RSA public key and hash algorithm.

hf must be either SHA256, SHA388, or SHA512.

func (RSAPKCS1v15Verifier) PublicKey 

func (r RSAPKCS1v15Verifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (RSAPKCS1v15Verifier) VerifySignature 

func (r RSAPKCS1v15Verifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error

VerifySignature verifies the signature for the given message using PKCS1v15. Unless provided in an option, the digest of the message will be computed using the hash function specified when the RSAPKCS1v15Verifier was created.

This function returns nil if the verification succeeded, and an error message otherwise.

This function recognizes the following Options listed in order of preference:

- WithDigest()

- WithCryptoSignerOpts()

All other options are ignored if specified.

type RSAPSSSigner 

type RSAPSSSigner struct {
	// contains filtered or unexported fields
}

RSAPSSSigner is a signature.Signer that uses the RSA PSS algorithm

func LoadRSAPSSSigner 

func LoadRSAPSSSigner(priv *rsa.PrivateKey, hf crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSSigner, error)

LoadRSAPSSSigner calculates signatures using the specified private key and hash algorithm.

If opts are specified, then they will be stored and used as a default if not overridden by the value passed to Sign().

hf must be either SHA256, SHA388, or SHA512. opts.Hash is ignored.

func (RSAPSSSigner) Public 

func (r RSAPSSSigner) Public() crypto.PublicKey

Public returns the public key that can be used to verify signatures created by this signer.

func (RSAPSSSigner) PublicKey 

func (r RSAPSSSigner) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that can be used to verify signatures created by this signer. As this value is held in memory, all options provided in arguments to this method are ignored.

func (RSAPSSSigner) Sign 

func (r RSAPSSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign computes the signature for the specified digest using PSS.

If a source of entropy is given in rand, it will be used instead of the default value (rand.Reader from crypto/rand).

If opts are specified, they must be *rsa.PSSOptions. If opts are not specified, the hash function provided when the signer was created will be assumed.

func (RSAPSSSigner) SignMessage 

func (r RSAPSSSigner) SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)

SignMessage signs the provided message using PSS. If the message is provided, this method will compute the digest according to the hash function specified when the RSAPSSSigner was created.

This function recognizes the following Options listed in order of preference:

- WithRand()

- WithDigest()

- WithCryptoSignerOpts()

All other options are ignored if specified.

type RSAPSSSignerVerifier 

type RSAPSSSignerVerifier struct {
	*RSAPSSSigner
	*RSAPSSVerifier
}

RSAPSSSignerVerifier is a signature.SignerVerifier that uses the RSA PSS algorithm

func LoadRSAPSSSignerVerifier 

func LoadRSAPSSSignerVerifier(priv *rsa.PrivateKey, hf crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSSignerVerifier, error)

LoadRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This is a convenience object that simply wraps an instance of RSAPSSSigner and RSAPSSVerifier.

func NewDefaultRSAPSSSignerVerifier 

func NewDefaultRSAPSSSignerVerifier() (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)

NewDefaultRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This creates a new RSA key of 2048 bits and uses the SHA256 hashing algorithm.

func NewRSAPSSSignerVerifier 

func NewRSAPSSSignerVerifier(rand io.Reader, bits int, hashFunc crypto.Hash) (*RSAPSSSignerVerifier, *rsa.PrivateKey, error)

NewRSAPSSSignerVerifier creates a combined signer and verifier using RSA PSS. This creates a new RSA key of the specified length of bits, entropy source, and hash function.

func (RSAPSSSignerVerifier) PublicKey 

func (r RSAPSSSignerVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

type RSAPSSVerifier 

type RSAPSSVerifier struct {
	// contains filtered or unexported fields
}

RSAPSSVerifier is a signature.Verifier that uses the RSA PSS algorithm

func LoadRSAPSSVerifier 

func LoadRSAPSSVerifier(pub *rsa.PublicKey, hashFunc crypto.Hash, opts *rsa.PSSOptions) (*RSAPSSVerifier, error)

LoadRSAPSSVerifier verifies signatures using the specified public key and hash algorithm.

hf must be either SHA256, SHA388, or SHA512. opts.Hash is ignored.

func (RSAPSSVerifier) PublicKey 

func (r RSAPSSVerifier) PublicKey(_ ...PublicKeyOption) (crypto.PublicKey, error)

PublicKey returns the public key that is used to verify signatures by this verifier. As this value is held in memory, all options provided in arguments to this method are ignored.

func (RSAPSSVerifier) VerifySignature 

func (r RSAPSSVerifier) VerifySignature(signature, message io.Reader, opts ...VerifyOption) error

VerifySignature verifies the signature for the given message using PSS. Unless provided in an option, the digest of the message will be computed using the hash function specified when the RSAPSSVerifier was created.

This function returns nil if the verification succeeded, and an error message otherwise.

This function recognizes the following Options listed in order of preference:

- WithDigest()

- WithCryptoSignerOpts()

All other options are ignored if specified.

type SignOption 

type SignOption interface {
	RPCOption
	MessageOption
	ApplyRand(*io.Reader)
	ApplyKeyVersionUsed(**string)
}

SignOption specifies options to be used when signing a message

type Signer 

type Signer interface {
	PublicKeyProvider
	SignMessage(message io.Reader, opts ...SignOption) ([]byte, error)
}

Signer creates digital signatures over a message using a specified key pair

func LoadSigner 

func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Signer, error)

LoadSigner returns a signature.Signer based on the algorithm of the private key provided.

If privateKey is an RSA key, a RSAPKCS1v15Signer will be returned. If a RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() method directly.

func LoadSignerFromPEMFile 

func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (Signer, error)

LoadSignerFromPEMFile returns a signature.Signer based on the algorithm of the private key in the file. The Signer will use the hash function specified when computing digests.

If key is an RSA key, a RSAPKCS1v15Signer will be returned. If a RSAPSSSigner is desired instead, use the LoadRSAPSSSigner() and cryptoutils.UnmarshalPEMToPrivateKey() methods directly.

func LoadSignerFromPEMFileWithOpts 

func LoadSignerFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (Signer, error)

LoadSignerFromPEMFileWithOpts returns a signature.Signer based on the algorithm of the private key in the file. The Signer will use the hash function specified in the options when computing digests.

func LoadSignerWithOpts 

func LoadSignerWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error)

LoadSignerWithOpts returns a signature.Signer based on the algorithm of the private key provided.

type SignerOpts 

type SignerOpts struct {
	Hash crypto.Hash
	Opts []SignOption
}

SignerOpts implements crypto.SignerOpts but also allows callers to specify additional options that may be utilized in signing the digest provided.

func (SignerOpts) HashFunc 

func (s SignerOpts) HashFunc() crypto.Hash

HashFunc returns the hash function for this object

type SignerVerifier 

type SignerVerifier interface {
	Signer
	Verifier
}

SignerVerifier creates and verifies digital signatures over a message using a specified key pair

func LoadSignerVerifier 

func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (SignerVerifier, error)

LoadSignerVerifier returns a signature.SignerVerifier based on the algorithm of the private key provided.

If privateKey is an RSA key, a RSAPKCS1v15SignerVerifier will be returned. If a RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() method directly.

func LoadSignerVerifierFromPEMFile 

func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc) (SignerVerifier, error)

LoadSignerVerifierFromPEMFile returns a signature.SignerVerifier based on the algorithm of the private key in the file. The SignerVerifier will use the hash function specified when computing digests.

If publicKey is an RSA key, a RSAPKCS1v15SignerVerifier will be returned. If a RSAPSSSignerVerifier is desired instead, use the LoadRSAPSSSignerVerifier() and cryptoutils.UnmarshalPEMToPrivateKey() methods directly.

func LoadSignerVerifierFromPEMFileWithOpts 

func LoadSignerVerifierFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (SignerVerifier, error)

LoadSignerVerifierFromPEMFileWithOpts returns a signature.SignerVerifier based on the algorithm of the private key in the file. The SignerVerifier will use the hash function specified in the options when computing digests.

func LoadSignerVerifierWithOpts 

func LoadSignerVerifierWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error)

LoadSignerVerifierWithOpts returns a signature.SignerVerifier based on the algorithm of the private key provided and the user's choice.

type Verifier 

type Verifier interface {
	PublicKeyProvider
	VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
}

Verifier verifies the digital signature using a specified public key

func LoadUnsafeVerifier 

func LoadUnsafeVerifier(publicKey crypto.PublicKey) (Verifier, error)

LoadUnsafeVerifier returns a signature.Verifier based on the algorithm of the public key provided that will use SHA1 when computing digests for RSA and ECDSA signatures.

If publicKey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() method directly.

func LoadVerifier 

func LoadVerifier(publicKey crypto.PublicKey, hashFunc crypto.Hash) (Verifier, error)

LoadVerifier returns a signature.Verifier based on the algorithm of the public key provided that will use the hash function specified when computing digests.

If publicKey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() method directly.

func LoadVerifierFromPEMFile 

func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash) (Verifier, error)

LoadVerifierFromPEMFile returns a signature.Verifier based on the contents of a file located at path. The Verifier wil use the hash function specified when computing digests.

If the publickey is an RSA key, a RSAPKCS1v15Verifier will be returned. If a RSAPSSVerifier is desired instead, use the LoadRSAPSSVerifier() and cryptoutils.UnmarshalPEMToPublicKey() methods directly.

func LoadVerifierFromPEMFileWithOpts 

func LoadVerifierFromPEMFileWithOpts(path string, opts ...LoadOption) (Verifier, error)

LoadVerifierFromPEMFileWithOpts returns a signature.Verifier based on the contents of a file located at path. The Verifier wil use the hash function specified in the options when computing digests.

func LoadVerifierWithOpts 

func LoadVerifierWithOpts(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error)

LoadVerifierWithOpts returns a signature.Verifier based on the algorithm of the public key provided that will use the hash function specified when computing digests.

type VerifyOption 

type VerifyOption interface {
	RPCOption
	MessageOption
}

VerifyOption specifies options to be used when verifying a signature

Source Files

View all Source files

Directories

Path Synopsis
Package dsse includes wrappers to support DSSE
 Package dsse includes wrappers to support DSSE
kms
Package kms contains utilities related to third-party KMS providers.
 Package kms contains utilities related to third-party KMS providers.
fake
Package fake contains utilities to help test KMS providers.
 Package fake contains utilities to help test KMS providers.
Package options defines options for KMS clients
 Package options defines options for KMS clients
Package payload contains types and utilities related to the Cosign signature format.
 Package payload contains types and utilities related to the Cosign signature format.
Package ssh implements signing with SSH keys
 Package ssh implements signing with SSH keys

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.