Documentation
Index
- Constants
- func OCSPVerify(chain ...*x509.Certificate) error
- func Sign(ctx context.Context, path string, opts ...SignOpt) error
- func Verify(ctx context.Context, path string, opts ...VerifyOpt) error
- func VerifyFingerprints(ctx context.Context, path string, fingerprints []string, opts ...VerifyOpt) error
- type SignOpt
- type VerifyCallback
- type VerifyOpt
- func OptVerifyAll() VerifyOpt
- func OptVerifyCallback(cb VerifyCallback) VerifyOpt
- func OptVerifyGroup(groupID uint32) VerifyOpt
- func OptVerifyLegacy() VerifyOpt
- func OptVerifyObject(id uint32) VerifyOpt
- func OptVerifyWithCertificate(c *x509.Certificate) VerifyOpt
- func OptVerifyWithIntermediates(p *x509.CertPool) VerifyOpt
- func OptVerifyWithOCSP() VerifyOpt
- func OptVerifyWithPGP(opts ...client.Option) VerifyOpt
- func OptVerifyWithRoots(p *x509.CertPool) VerifyOpt
- func OptVerifyWithVerifier(sv signature.Verifier) VerifyOpt
Constants
const (
	// PKIXOCSPNoCheck is the id-pkix-ocsp-nocheck extension OID (RFC 6960, section 4.2.2.2.1). A CA places it in the certificate of an authorized OCSP responder to indicate that the responder's certificate need not itself be checked for revocation.
	// For more info see https://oidref.com/1.3.6.1.5.5.7.48.1.5
	PKIXOCSPNoCheck = "1.3.6.1.5.5.7.48.1.5"
)
Variables
This section is empty.
Functions
func OCSPVerify
func OCSPVerify(chain ...*x509.Certificate) error
func Sign
func Sign(ctx context.Context, path string, opts ...SignOpt) error
Sign adds one or more digital signatures to the SIF image found at path, according to opts. Key material must be provided via OptSignEntitySelector (a PGP entity) or OptSignWithSigner.
By default, one digital signature is added per object group in the image. To override this behavior, consider using OptSignGroup and/or OptSignObjects.
func Verify
func Verify(ctx context.Context, path string, opts ...VerifyOpt) error
Verify verifies digital signature(s) in the SIF image found at path, according to opts.
To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.
To use raw key material, use OptVerifyWithVerifier.
To use PGP key material, use OptVerifyWithPGP.
By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.
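The x.509 path described above (chain the leaf certificate to a root through the intermediates and roots that OptVerifyWithIntermediates and OptVerifyWithRoots supply, then use the leaf's key on the signature) and the PKIXOCSPNoCheck constant from the Constants section, as an added standard-library Go example that is not code from this package or from the SIF project. It builds a throwaway root/intermediate/leaf hierarchy in memory plus a delegated OCSP responder certificate carrying id-pkix-ocsp-nocheck; every name in it (PKI, NewPKI, issue, template, HasOCSPNoCheck, SignData, VerifyWithCertificate, the "image-signer" subject) and the payload bytes are constructed for illustration. It signs raw bytes rather than SIF objects, so it shows the trust decision the Verify options configure, not the SIF signature format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// PKIXOCSPNoCheck is the page's id-pkix-ocsp-nocheck OID; oidOCSPNoCheck is the same OID as encoding/asn1 compares it.
const PKIXOCSPNoCheck = "1.3.6.1.5.5.7.48.1.5"
var oidOCSPNoCheck = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5}

// PKI is a constructed in-memory hierarchy with throwaway test keys: root -> intermediate -> leaf signer,
// plus a delegated OCSP responder issued by the intermediate.
type PKI struct {
	Root, Intermediate, Leaf, Responder *x509.Certificate
	LeafKey                              *ecdsa.PrivateKey
}

// template returns a one-day certificate template; CertSign in ku marks a CA.
func template(cn string, serial int64, ku x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku,
	}
}

// issue generates a P-256 key and signs tmpl under parent with parentKey; a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewPKI builds the hierarchy. The responder carries id-pkix-ocsp-nocheck with a DER NULL value (RFC 6960,
// section 4.2.2.2.1). Later steps tolerate nil inputs, so errors.Join can report the first failed step.
func NewPKI() (*PKI, error) {
	caKU, leafKU := x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, x509.KeyUsageDigitalSignature
	root, rootKey, e1 := issue(template("Test Root", 1, caKU), nil, nil)
	inter, interKey, e2 := issue(template("Test Intermediate", 2, caKU), root, rootKey)
	leaf, leafKey, e3 := issue(template("image-signer", 3, leafKU), inter, interKey)
	rt := template("ocsp-responder", 4, leafKU)
	rt.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}
	rt.ExtraExtensions = []pkix.Extension{{Id: oidOCSPNoCheck, Value: []byte{0x05, 0x00}}}
	resp, _, e4 := issue(rt, inter, interKey)
	if err := errors.Join(e1, e2, e3, e4); err != nil {
		return nil, err
	}
	return &PKI{Root: root, Intermediate: inter, Leaf: leaf, Responder: resp, LeafKey: leafKey}, nil
}

// HasOCSPNoCheck reports whether c carries id-pkix-ocsp-nocheck. A client that sees it on a delegated responder's
// certificate skips revocation checking of that certificate, so honour it only on a responder the checked CA issued.
func HasOCSPNoCheck(c *x509.Certificate) bool {
	for _, e := range c.Extensions {
		if e.Id.Equal(oidOCSPNoCheck) {
			return true
		}
	}
	return false
}

// SignData returns an ASN.1 ECDSA signature over SHA-256(data) made with key.
func SignData(key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifyWithCertificate follows the order the Verify docs describe: chain the leaf to a trusted root (through
// intermediates, if given), then use the leaf key on the signature. Nil roots = system roots; an empty pool trusts nothing.
func VerifyWithCertificate(leaf *x509.Certificate, intermediates, roots *x509.CertPool, data, sig []byte) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: intermediates, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate chain: %w", err)
	}
	if err := leaf.CheckSignature(x509.ECDSAWithSHA256, data, sig); err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	return nil
}
```

Two details matter in practice. A nil root pool makes Go consult the system roots, which is the documented default when OptVerifyWithRoots is omitted; an empty pool, by contrast, trusts nothing, so a leaf that chains only to your own private CA must be verified with that CA explicitly in the pool. And the nocheck extension is the one point in an OCSP exchange where revocation is deliberately not consulted, which is why RFC 6960 only lets it stand on a responder certificate that carries id-kp-OCSPSigning and was issued by the same CA that issued the certificate being checked; the example ties the responder to the intermediate for that reason.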
func VerifyFingerprints
func VerifyFingerprints(ctx context.Context, path string, fingerprints []string, opts ...VerifyOpt) error
VerifyFingerprints verifies an image and checks that it was signed by all of the provided fingerprints: every fingerprint in the list must appear among the verified signers, not just one of them.
To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.
To use raw key material, use OptVerifyWithVerifier.
To use PGP key material, use OptVerifyWithPGP.
By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.
Types
type SignOpt
type SignOpt func(s *signer) error
SignOpt are used to configure s.
func OptSignEntitySelector
func OptSignEntitySelector(f sypgp.EntitySelector) SignOpt
OptSignEntitySelector specifies that f be used to select (and decrypt, if necessary) the entity to use to generate signature(s).
func OptSignGroup
func OptSignGroup(groupID uint32) SignOpt
OptSignGroup specifies that a signature be applied to cover all objects in the group with the specified groupID. This may be called multiple times to add multiple group signatures.
func OptSignObjects
func OptSignObjects(ids ...uint32) SignOpt
OptSignObjects specifies that one or more signature(s) be applied to cover objects with the specified ids. One signature will be applied for each group ID associated with the object(s). This may be called multiple times to add multiple signatures.
func OptSignWithSigner
func OptSignWithSigner(ss signature.Signer) SignOpt
OptSignWithSigner specifies that ss be used to generate signature(s).
type VerifyCallback
type VerifyCallback func(*sif.FileImage, integrity.VerifyResult) bool
type VerifyOpt
type VerifyOpt func(v *verifier) error
VerifyOpt are used to configure v.
func OptVerifyAll
func OptVerifyAll() VerifyOpt
OptVerifyAll adds one verification task per non-signature object in the image when verification of legacy signatures is enabled. When verification of legacy signatures is disabled (the default), this option has no effect.
func OptVerifyCallback
func OptVerifyCallback(cb VerifyCallback) VerifyOpt
OptVerifyCallback registers cb as the verification callback.
func OptVerifyGroup
func OptVerifyGroup(groupID uint32) VerifyOpt
OptVerifyGroup adds a verification task for the group with the specified groupID. This may be called multiple times to request verification of more than one group.
func OptVerifyLegacy
func OptVerifyLegacy() VerifyOpt
OptVerifyLegacy enables verification of legacy signatures.
func OptVerifyObject
func OptVerifyObject(id uint32) VerifyOpt
OptVerifyObject adds a verification task for the object with the specified id. This may be called multiple times to request verification of more than one object.
func OptVerifyWithCertificate
func OptVerifyWithCertificate(c *x509.Certificate) VerifyOpt
OptVerifyWithCertificate appends c as a source of key material to verify signatures.
func OptVerifyWithIntermediates
func OptVerifyWithIntermediates(p *x509.CertPool) VerifyOpt
OptVerifyWithIntermediates specifies p as the pool of certificates that can be used to form a chain from the leaf certificate to a root certificate.
func OptVerifyWithOCSP
func OptVerifyWithOCSP() VerifyOpt
OptVerifyWithOCSP subjects the x.509 certificate chain to online (OCSP) revocation checks before the leaf certificate is trusted to validate the signature.
func OptVerifyWithPGP
func OptVerifyWithPGP(opts ...client.Option) VerifyOpt
OptVerifyWithPGP adds the local public keyring as a source of key material to verify signatures. If supplied, opts specify a keyserver to use in addition to the local public keyring.
func OptVerifyWithRoots
func OptVerifyWithRoots(p *x509.CertPool) VerifyOpt
OptVerifyWithRoots specifies p as the pool of root certificates to use, instead of the system roots or the platform verifier.
func OptVerifyWithVerifier
func OptVerifyWithVerifier(sv signature.Verifier) VerifyOpt
OptVerifyWithVerifier appends sv as a source of key material to verify signatures.