sigstore

package v2.20.0

This package is not in the latest version of its module.

Published: Dec 3, 2024 License: AGPL-3.0 Imports: 22 Imported by: 0

Documentation

Overview

Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only

Package sigstore is used to verify Constellation components using sigstore, cosign and rekor.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsBase64 added in v2.11.0

func IsBase64(signature []byte) error

IsBase64 checks if the given byte slice is base64 encoded.

func SignContent added in v2.8.0

func SignContent(password, encryptedPrivateKey, content []byte) ([]byte, error)

SignContent signs the content with the cosign-encrypted private key and the corresponding cosign password.

func VerifyWithRekor added in v2.8.0

func VerifyWithRekor(ctx context.Context, publicKey []byte, verifier rekorVerifier, hash string) error

VerifyWithRekor checks if the hash of a signature is present in Rekor.

Types

type CosignVerifier added in v2.8.0

type CosignVerifier struct {
	// contains filtered or unexported fields
}

CosignVerifier wraps a public key that can be used for verifying signatures.

func (CosignVerifier) VerifySignature added in v2.8.0

func (c CosignVerifier) VerifySignature(content, signature []byte) error

VerifySignature checks if the signature of content can be verified using publicKey. signature is expected to be base64 encoded. publicKey is expected to be PEM encoded.

type Rekor added in v2.2.0

type Rekor struct {
	// contains filtered or unexported fields
}

Rekor allows interacting with the transparency log at https://rekor.sigstore.dev. For more information, see Rekor's Swagger definition: https://www.sigstore.dev/swagger/#/

func NewRekor added in v2.2.0

func NewRekor() (*Rekor, error)

NewRekor creates a new instance of Rekor to interact with the transparency log at: https://rekor.sigstore.dev

func (*Rekor) SearchByHash added in v2.2.0

func (r *Rekor) SearchByHash(ctx context.Context, hash string) ([]string, error)

SearchByHash searches for the hash of an artifact in the Rekor transparency log. A list of UUIDs is returned, since multiple entries can be present for a single artifact in Rekor.

func (*Rekor) VerifyEntry added in v2.2.0

func (r *Rekor) VerifyEntry(ctx context.Context, uuid, publicKey string) error

VerifyEntry performs log entry verification (see verifyLogEntry) and verifies that the provided publicKey was used to sign the entry. An error is returned if any verification fails.

type Signer added in v2.9.0

type Signer interface {
	Sign(content []byte) (res []byte, err error)
}

Signer is used to sign the version file. Used for unit testing.

func NewSigner added in v2.9.0

func NewSigner(cosignPwd, privKey []byte) Signer

NewSigner returns a new Signer.

type Verifier added in v2.9.0

type Verifier interface {
	VerifySignature(content, signature []byte) error
}

Verifier checks if the signature of content can be verified.

func NewCosignVerifier added in v2.10.0

func NewCosignVerifier(pem []byte) (Verifier, error)

NewCosignVerifier unmarshals and validates the given PEM-encoded public key and returns a new CosignVerifier.
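Added example, not code from the Constellation package: a stand-alone, standard-library-only equivalent of what NewCosignVerifier followed by VerifySignature does, with the checks such a verifier needs (PEM decode, key type, base64 decode, ECDSA check over the SHA-256 digest of the content). It assumes cosign's default ECDSA P-256/SHA-256 scheme; SignForDemo is constructed input that stands in for SignContent only so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// VerifyCosignSignature checks a base64, ASN.1 DER ECDSA signature over SHA-256(content) against a PEM ECDSA public key.
func VerifyCosignSignature(pemKey, content, signature []byte) error {
	block, _ := pem.Decode(pemKey)
	if block == nil {
		return fmt.Errorf("public key is not PEM encoded")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return fmt.Errorf("parsing public key: %w", err)
	}
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("expected an ECDSA public key, got %T", key)
	}
	raw, err := base64.StdEncoding.DecodeString(string(signature))
	if err != nil {
		return fmt.Errorf("signature is not base64: %w", err)
	}
	digest := sha256.Sum256(content)
	if !ecdsa.VerifyASN1(pub, digest[:], raw) {
		return fmt.Errorf("signature does not match content or key")
	}
	return nil
}

// SignForDemo is constructed demo input (not the package's SignContent): a throwaway P-256 key signs content.
func SignForDemo(content []byte) (pemKey, signature []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for a P-256 key
	pemKey = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	digest := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return pemKey, []byte(base64.StdEncoding.EncodeToString(sig)), err
}
```

A tampered content, a non-base64 signature or a non-PEM key each produce a distinct error, which is the behaviour the package's IsBase64 and NewCosignVerifier checks split out into separate calls.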

Directories

Path Synopsis
keyselect Package keyselect is used to select the correct public key for signature verification.
