Documentation
Overview
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
Package sigstore is used to verify Constellation components using sigstore, cosign and rekor.
Index
- func CosignPublicKeyForVersion(ver versionsapi.Version) ([]byte, error)
- func SignContent(password, encryptedPrivateKey, content []byte) ([]byte, error)
- func VerifyWithRekor(ctx context.Context, version versionsapi.Version, verifier rekorVerifier, ...) error
- type CosignVerifier
- type Rekor
- type Signer
- type Verifier
Functions
func CosignPublicKeyForVersion (added in v2.8.0)
func CosignPublicKeyForVersion(ver versionsapi.Version) ([]byte, error)
CosignPublicKeyForVersion returns the public key for the given version.
func SignContent (added in v2.8.0)
SignContent signs the content with the cosign encrypted private key and corresponding cosign password.
func VerifyWithRekor (added in v2.8.0)
func VerifyWithRekor(ctx context.Context, version versionsapi.Version, verifier rekorVerifier, hash string) error
VerifyWithRekor checks if the hash of a signature is present in Rekor.
Types
type CosignVerifier (added in v2.8.0)
type CosignVerifier struct{}
CosignVerifier checks if the signature of content can be verified using a cosign public key.
func (CosignVerifier) VerifySignature (added in v2.8.0)
func (CosignVerifier) VerifySignature(content, signature, publicKey []byte) error
VerifySignature checks if the signature of content can be verified using publicKey. signature is expected to be base64 encoded. publicKey is expected to be PEM encoded.
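The input handling described for VerifySignature, as an added example that is not code from the Constellation package: it decodes a base64 signature and a PEM public key and checks the signature over the content. It assumes an ECDSA key and a SHA-256 digest, as produced by cosign's default key pair; verifyBlobSignature and sampleSigned are hypothetical names, and the sample material is generated from a throwaway key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
)

// verifyBlobSignature is a hypothetical helper; it assumes ECDSA over a SHA-256 digest.
func verifyBlobSignature(content, signature, publicKey []byte) error {
	sig, err := base64.StdEncoding.DecodeString(string(signature))
	block, _ := pem.Decode(publicKey)
	if err != nil || block == nil {
		return errors.New("signature must be base64 and public key must be PEM")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	key, ok := parsed.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return errors.New("public key is not a PKIX ECDSA key")
	}
	if digest := sha256.Sum256(content); !ecdsa.VerifyASN1(key, digest[:], sig) {
		return errors.New("signature does not match content and key")
	}
	return nil
}

// sampleSigned returns constructed test material from a throwaway key pair.
func sampleSigned(content []byte) (sig, pubPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(content)
	raw, signErr := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	der, encErr := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	pubPEM = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	return []byte(base64.StdEncoding.EncodeToString(raw)), pubPEM, errors.Join(signErr, encErr)
}

func main() {
	sig, pub, err := sampleSigned([]byte("constructed sample"))
	fmt.Println(err, verifyBlobSignature([]byte("constructed sample"), sig, pub))
	fmt.Println(verifyBlobSignature([]byte("tampered sample"), sig, pub))
}
```

A signature that verifies only proves possession of the private key; checking that the signature's hash is recorded in Rekor is a separate step.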
type Rekor (added in v2.2.0)
type Rekor struct {
// contains filtered or unexported fields
}
Rekor allows interaction with the transparency log at https://rekor.sigstore.dev. For more information, see Rekor's Swagger definition: https://www.sigstore.dev/swagger/#/
func NewRekor (added in v2.2.0)
NewRekor creates a new instance of Rekor to interact with the transparency log at: https://rekor.sigstore.dev
func (*Rekor) SearchByHash (added in v2.2.0)
SearchByHash searches for the hash of an artifact in the Rekor transparency log. A list of UUIDs is returned, since multiple entries could be present for a single artifact in Rekor.
func (*Rekor) VerifyEntry (added in v2.2.0)
VerifyEntry performs log entry verification (see verifyLogEntry) and verifies that the provided publicKey was used to sign the entry. An error is returned if any verification fails.