Documentation
Index
- Variables
- func AddDelegation() *ffcli.Command
- func ClearEmptySignatures(store tuf.LocalStore, role string) error
- func DelegationCmd(ctx context.Context, opts *DelegationOptions) error
- func DoKeyPOPSign(ctx context.Context, challenge, nonce string, signer signature.Signer) ([]byte, error)
- func GetExpiration(role string) time.Time
- func GetKeyIDForRole(directory, role string) (string, error)
- func GetPublicKeyFromID(directory, keyid string) (crypto.PublicKey, error)
- func GetSigner(ctx context.Context, sk bool, keyRef string) (signature.Signer, error)
- func GetVerifier(_ context.Context, keyRef string) (signature.Verifier, error)
- func Init() *ffcli.Command
- func InitCmd(ctx context.Context, directory string, threshold int, ...) error
- func KeyPOPSign() *ffcli.Command
- func KeyPOPSignCmd(ctx context.Context, challenge, nonce string, signer signature.Signer) error
- func KeyPOPVerify() *ffcli.Command
- func KeyPOPVerifyCmd(ctx context.Context, challenge, nonce string, verifier signature.Verifier, ...) error
- func PAE(challenge, nonce string) []byte
- func Publish() *ffcli.Command
- func PublishCmd(_ context.Context, directory string) error
- func Snapshot() *ffcli.Command
- func SnapshotCmd(_ context.Context, directory string) error
- func Timestamp() *ffcli.Command
- func TimestampCmd(_ context.Context, directory string) error
- type DelegationOptions
Variables
var ConsistentSnapshot = true
Enable consistent snapshotting.
var DefaultThreshold = 3
Threshold for root and targets signers.
var RoleExpiration = map[string][]int{
	"root":      {0, 6, 0},
	"targets":   {0, 6, 0},
	"snapshot":  {0, 0, 21},
	"timestamp": {0, 0, 7},
}
Time to role expiration represented as a list of ints corresponding to (years, months, days).
Functions
func AddDelegation
func ClearEmptySignatures
func DelegationCmd
func DelegationCmd(ctx context.Context, opts *DelegationOptions) error
func DoKeyPOPSign
func GetExpiration
func GetKeyIDForRole
func GetPublicKeyFromID
func InitCmd
func InitCmd(ctx context.Context, directory string, threshold int, targetsConfig *prepo.TargetMetaConfig, targetsDir string, snapshotRef string, timestampRef string) error
InitCmd creates a new staged root.json and targets.json in the specified directory. It populates the top-level roles with signers and adds targets to top-level targets.
- directory: Directory to write newly staged metadata. Must contain a keys/ subdirectory with root/targets signers.
- threshold: The root and targets threshold.
- targetsConfig: A map of target file names and custom metadata to add to top-level targets. Target file names are expected to be in the working directory.
- targetsDir: The local directory where the targets are stored.
- snapshotRef: A reference (KMS, file, URL) to a snapshot signer.
- timestampRef: A reference (KMS, file, URL) to a timestamp signer.
The root and targets metadata will be initialized with a 6-month expiration. Revoked keys will be automatically calculated given the previous root and the signers in directory. Signature placeholders for each key will be added to the root.json and targets.json files.
func KeyPOPSign
func KeyPOPSignCmd
func KeyPOPVerify
func KeyPOPVerifyCmd
func PAE
The DSSE Pre-Authentication Encoding https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition
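The length-prefixed encoding defined by the DSSE specification linked above, and why a proof-of-possession signature over it cannot be reinterpreted with a different field split, shown as an added example that is not this package's code. The names `dssePAE`, `naiveJoin`, `signPOP`, `verifyPOP` and `demo` are hypothetical, the key and inputs are constructed, Ed25519 stands in for whatever signer is used, and placing the nonce in the DSSE type field with the challenge in the body field is an assumption rather than a statement of how `PAE(challenge, nonce)` orders them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// dssePAE is the DSSE v1 pre-authentication encoding:
// "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body, LEN = decimal byte length.
func dssePAE(payloadType, payload string) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s",
		len(payloadType), payloadType, len(payload), payload))
}

// naiveJoin is the ambiguous alternative: the fields joined by a space.
func naiveJoin(a, b string) []byte { return []byte(a + " " + b) }

// signPOP signs the encoded pair. Assumption: nonce goes in the DSSE type
// field and challenge in the body field.
func signPOP(priv ed25519.PrivateKey, challenge, nonce string) []byte {
	return ed25519.Sign(priv, dssePAE(nonce, challenge))
}

func verifyPOP(pub ed25519.PublicKey, challenge, nonce string, sig []byte) bool {
	return ed25519.Verify(pub, dssePAE(nonce, challenge), sig)
}

// demo reports: naive encodings collide, PAE encodings collide,
// the genuine pair verifies, the boundary-shifted pair verifies.
func demo() (naive, pae, genuine, shifted bool) {
	// Constructed key and inputs; Ed25519 stands in for any signer.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	c1, n1 := "ceremony v3", "abc" // what the key holder signed
	c2, n2 := "v3", "abc ceremony" // same bytes, field boundary moved
	naive = bytes.Equal(naiveJoin(n1, c1), naiveJoin(n2, c2))
	pae = bytes.Equal(dssePAE(n1, c1), dssePAE(n2, c2))
	sig := signPOP(priv, c1, n1)
	return naive, pae, verifyPOP(pub, c1, n1, sig), verifyPOP(pub, c2, n2, sig)
}

func main() {
	fmt.Println(demo())
}
```

The space-joined form produces identical bytes for both pairs, so one signature would cover either reading; the length prefixes make the two encodings differ and the shifted pair fails verification.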