dsse

package v0.1.7 (not the latest version of its module)

Published: Nov 14, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var ErrNoSigners = errors.New("no signers provided")

ErrNoSigners indicates that no signer was provided.

Functions

func PAE

func PAE(payloadType string, payload []byte) []byte

PAE stands for "Pre-Authentication Encoding". It produces the bytes that are actually signed: "DSSEv1" SP LEN(payloadType) SP payloadType SP LEN(payload) SP payload, where SP is a single space and LEN is the byte length written as decimal ASCII, as defined in https://github.com/secure-systems-lab/dsse/blob/master/protocol.md. Because the payload type is bound into the signed bytes, a signature over a payload cannot be reused for the same bytes under a different payload type, and the explicit lengths keep the encoding unambiguous.

Types

type Envelope

type Envelope struct {
	Payload     string      `json:"payload"`
	PayloadType string      `json:"payloadType"`
	Signatures  []Signature `json:"signatures"`
}

func (*Envelope) Verify

func (e *Envelope) Verify(publicKeys ...Verifier) error

Verify is a Go implementation of the DSSE verification protocol described in https://github.com/secure-systems-lab/dsse/blob/master/protocol.md: it decodes the payload, recomputes PAE(PayloadType, payload) and checks the envelope's signatures against it. Verify accepts a number of Verifiers, which should correspond to the keys that produced the envelope's signatures; see the Verifier documentation for how key IDs are matched to signatures.

type EnvelopeSigner

type EnvelopeSigner struct {
	// contains filtered or unexported fields
}

EnvelopeSigner creates signed Envelopes.

func NewEnvelopeSigner

func NewEnvelopeSigner(signer ...Signer) (*EnvelopeSigner, error)

NewEnvelopeSigner creates an EnvelopeSigner that uses one or more Signer implementations to sign the data. It returns an error (ErrNoSigners) when no Signer is given.

func (*EnvelopeSigner) SignPayload

func (es *EnvelopeSigner) SignPayload(payloadType string, body []byte) (*Envelope, error)

SignPayload signs a payload and payload type according to DSSE and returns an Envelope as defined in https://github.com/secure-systems-lab/dsse/blob/master/envelope.md. Every Signer in the EnvelopeSigner signs the same PAE(payloadType, body) and contributes one Signature, so the envelope carries one signature per Signer.

type Erroneous

type Erroneous struct {
	Error error
}

func (Erroneous) Verify

func (e Erroneous) Verify([]byte, []byte) error

type GetVerifier

type GetVerifier func(keyId string) Verifier

type Signature

type Signature struct {
	KeyId string `json:"keyid"`
	Sig   string `json:"sig"`
}

type Signer

type Signer interface {
	Sign(data []byte) ([]byte, error)
	KeyID() (string, error)
}

Signer defines the interface for an abstract signing algorithm. It is used to inject signature-algorithm implementations into the EnvelopeSigner; this decoupling allows any signing algorithm and key-management system to be used. The full message (the PAE) is provided as the parameter. If the signature algorithm depends on hashing the message before signature calculation, the implementor of this interface must perform that hashing. Sign must return the raw bytes of the signature computed with the current algorithm, and KeyID must return the identifier of the key used (if applicable).

type SignerVerifier

type SignerVerifier interface {
	Signer
	Verifier
}

SignerVerifier provides both the signing and verification interface.

type Verifier

type Verifier interface {
	Verify(pae, signature []byte) error
	KeyID() (string, error)
	Public() crypto.PublicKey
}

Verifier verifies a complete message (the PAE) against a signature and key. If the message was hashed before signature generation, the Verifier must perform the same hashing. If KeyID returns successfully, only signatures whose keyid matches that key ID will be checked with this Verifier.
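The following is an added, self-contained example (not code from this package or its module) that exercises what the PAE, SignPayload, Verify, Signer and Verifier sections above describe. It copies the four documented type shapes so it compiles on its own, re-implements PAE from the DSSE protocol document, and supplies an Ed25519 Signer+Verifier. The names SignPayload and VerifyEnvelope, the Ed25519 choice, the hex-SHA-256 key ID, and the "one valid signature suffices" policy are this example's own assumptions, not the package's behaviour.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Interface and envelope shapes copied from the package documentation above.
type (
	Signer interface {
		Sign(data []byte) ([]byte, error)
		KeyID() (string, error)
	}
	Verifier interface {
		Verify(pae, signature []byte) error
		KeyID() (string, error)
		Public() crypto.PublicKey
	}
	Signature struct {
		KeyId string `json:"keyid"`
		Sig   string `json:"sig"`
	}
	Envelope struct {
		Payload     string      `json:"payload"`
		PayloadType string      `json:"payloadType"`
		Signatures  []Signature `json:"signatures"`
	}
)

// PAE per protocol.md: "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload, lengths as decimal ASCII.
func PAE(payloadType string, payload []byte) []byte {
	head := fmt.Sprintf("DSSEv1 %d %s %d ", len(payloadType), payloadType, len(payload))
	return append([]byte(head), payload...)
}

// ed25519Key is a Signer+Verifier. Ed25519 hashes internally, so the PAE passes through unchanged;
// an ECDSA or RSA implementation would have to hash it inside Sign and Verify, as the interface docs say.
type ed25519Key struct{ priv ed25519.PrivateKey }

func (k ed25519Key) Sign(data []byte) ([]byte, error) { return ed25519.Sign(k.priv, data), nil }
func (k ed25519Key) Public() crypto.PublicKey         { return k.priv.Public() }

func (k ed25519Key) Verify(pae, sig []byte) error {
	if ed25519.Verify(k.Public().(ed25519.PublicKey), pae, sig) {
		return nil
	}
	return errors.New("ed25519: signature does not verify")
}

// KeyID is the hex SHA-256 of the raw public key, this example's own choice; DSSE leaves the keyid format open.
func (k ed25519Key) KeyID() (string, error) {
	return fmt.Sprintf("%x", sha256.Sum256(k.Public().(ed25519.PublicKey))), nil
}

// SignPayload adds one Signature per Signer, each over PAE(payloadType, body); payload and sig are base64.
func SignPayload(payloadType string, body []byte, signers ...Signer) (*Envelope, error) {
	if len(signers) == 0 {
		return nil, errors.New("no signers provided")
	}
	pae := PAE(payloadType, body)
	env := &Envelope{Payload: base64.StdEncoding.EncodeToString(body), PayloadType: payloadType}
	for _, s := range signers {
		kid, err := s.KeyID()
		if err != nil {
			return nil, err
		}
		sig, err := s.Sign(pae)
		if err != nil {
			return nil, err
		}
		env.Signatures = append(env.Signatures, Signature{KeyId: kid, Sig: base64.StdEncoding.EncodeToString(sig)})
	}
	return env, nil
}

// VerifyEnvelope recomputes the PAE from the envelope's own payloadType and payload and accepts the first
// signature that verifies under a Verifier whose KeyID, when it has one, matches the signature's keyid.
func VerifyEnvelope(e *Envelope, verifiers ...Verifier) error {
	body, err := base64.StdEncoding.DecodeString(e.Payload)
	if err != nil {
		return err
	}
	pae := PAE(e.PayloadType, body)
	for _, s := range e.Signatures {
		sig, err := base64.StdEncoding.DecodeString(s.Sig)
		if err != nil {
			return err
		}
		for _, v := range verifiers {
			if kid, err := v.KeyID(); (err != nil || kid == s.KeyId) && v.Verify(pae, sig) == nil {
				return nil
			}
		}
	}
	return errors.New("no signature verified")
}
```

Usage: build an `ed25519Key` (for instance from `ed25519.NewKeyFromSeed`), call `SignPayload("application/vnd.in-toto+json", body, key)` and then `VerifyEnvelope(env, key)`. Changing only `env.PayloadType` afterwards makes `VerifyEnvelope` fail even though the payload bytes and signature are untouched, because the type is part of the PAE that was signed; a verifier whose key ID does not match the signature's keyid is skipped without being tried. Accepting a single valid signature is a policy choice of this example; a caller that needs a threshold must count the distinct keys that verified.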
