security

package

v0.0.2 Latest Latest Go to latest Published: Dec 15, 2023 License: GPL-3.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jacoblai/arduino-cli

Links

Open Source Insights

Documentation ¶

Index ¶

func VerifyArduinoDetachedSignature(targetPath *paths.Path, signaturePath *paths.Path) (bool, *openpgp.Entity, error)
func VerifyDetachedSignature(targetPath *paths.Path, signaturePath *paths.Path, keyPath *paths.Path) (bool, *openpgp.Entity, error)
func VerifySignature(targetPath *paths.Path, signaturePath *paths.Path, ...) (bool, *openpgp.Entity, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func VerifyArduinoDetachedSignature ¶

func VerifyArduinoDetachedSignature(targetPath *paths.Path, signaturePath *paths.Path) (bool, *openpgp.Entity, error)

VerifyArduinoDetachedSignature checks that the detached GPG signature (in the signaturePath file) matches the given targetPath file and is an authentic signature from the bundled trusted keychain. If any of the above conditions fails this function returns false. The PGP entity in the trusted keychain that produced the signature is returned too. This function use the default and bundled arduino_public.gpg.key

func VerifyDetachedSignature ¶

func VerifyDetachedSignature(targetPath *paths.Path, signaturePath *paths.Path, keyPath *paths.Path) (bool, *openpgp.Entity, error)

VerifyDetachedSignature checks that the detached GPG signature (in the signaturePath file) matches the given targetPath file and is an authentic signature from the bundled trusted keychain. The keyPath is the path of the public key used. This function allows to specify the path of the key to use. If any of the above conditions fails this function returns false. The PGP entity in the trusted keychain that produced the signature is returned too.

func VerifySignature ¶

func VerifySignature(targetPath *paths.Path, signaturePath *paths.Path, arduinoKeyringFile io.Reader) (bool, *openpgp.Entity, error)

VerifySignature checks that the detached GPG signature (in the signaturePath file) matches the given targetPath file and is an authentic signature. This function allows to pass an io.Reader to read the custom key.

If any of the above conditions fails this function returns false.

The PGP entity in the trusted keychain that produced the signature is returned too.

Types ¶

This section is empty.

Source Files ¶

View all Source files

signatures.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL