signature

package
v4.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2024 License: BSD-3-Clause Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// PKIXOCSPNoCheck refers to the Revocation Checking of an Authorized Responder.
	// More more info check https://oidref.com/1.3.6.1.5.5.7.48.1.5
	PKIXOCSPNoCheck = "1.3.6.1.5.5.7.48.1.5"
)

Variables

This section is empty.

Functions

func OCSPVerify

func OCSPVerify(chain ...*x509.Certificate) error

func Sign

func Sign(ctx context.Context, path string, opts ...SignOpt) error

Sign adds one or more digital signatures to the SIF image found at path, according to opts. Key material must be provided via OptSignEntitySelector.

By default, one digital signature is added per object group in f. To override this behavior, consider using OptSignGroup and/or OptSignObject.

func Verify

func Verify(ctx context.Context, path string, opts ...VerifyOpt) error

Verify verifies digital signature(s) in the SIF image found at path, according to opts.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

func VerifyFingerprints

func VerifyFingerprints(ctx context.Context, path string, fingerprints []string, opts ...VerifyOpt) error

VerifyFingerprints verifies an image and checks it was signed by *all* of the provided fingerprints.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

Types

type SignOpt

type SignOpt func(s *signer) error

SignOpt are used to configure s.

func OptSignEntitySelector

func OptSignEntitySelector(f sypgp.EntitySelector) SignOpt

OptSignEntitySelector specifies f be used to select (and decrypt, if necessary) the entity to use to generate signature(s).

func OptSignGroup

func OptSignGroup(groupID uint32) SignOpt

OptSignGroup specifies that a signature be applied to cover all objects in the group with the specified groupID. This may be called multiple times to add multiple group signatures.

func OptSignObjects

func OptSignObjects(ids ...uint32) SignOpt

OptSignObjects specifies that one or more signature(s) be applied to cover objects with the specified ids. One signature will be applied for each group ID associated with the object(s). This may be called multiple times to add multiple signatures.

func OptSignWithSigner

func OptSignWithSigner(ss signature.Signer) SignOpt

OptSignWithSigner specifies ss be used to generate signature(s).

type VerifyCallback

type VerifyCallback func(*sif.FileImage, integrity.VerifyResult) bool

type VerifyOpt

type VerifyOpt func(v *verifier) error

VerifyOpt are used to configure v.

func OptVerifyAll

func OptVerifyAll() VerifyOpt

OptVerifyAll adds one verification task per non-signature object in the image when verification of legacy signatures is enabled. When verification of legacy signatures is disabled (the default), this option has no effect.

func OptVerifyCallback

func OptVerifyCallback(cb VerifyCallback) VerifyOpt

OptVerifyCallback registers f as the verification callback.

func OptVerifyGroup

func OptVerifyGroup(groupID uint32) VerifyOpt

OptVerifyGroup adds a verification task for the group with the specified groupID. This may be called multiple times to request verification of more than one group.

func OptVerifyLegacy

func OptVerifyLegacy() VerifyOpt

OptVerifyLegacy enables verification of legacy signatures.

func OptVerifyObject

func OptVerifyObject(id uint32) VerifyOpt

OptVerifyObject adds a verification task for the object with the specified id. This may be called multiple times to request verification of more than one object.

func OptVerifyWithCertificate

func OptVerifyWithCertificate(c *x509.Certificate) VerifyOpt

OptVerifyWithCertificate appends c as a source of key material to verify signatures.

func OptVerifyWithIntermediates

func OptVerifyWithIntermediates(p *x509.CertPool) VerifyOpt

OptVerifyWithIntermediates specifies p as the pool of certificates that can be used to form a chain from the leaf certificate to a root certificate.

func OptVerifyWithOCSP

func OptVerifyWithOCSP() VerifyOpt

OptVerifyWithOCSP subjects the x509 certificate chains to online revocation checks, before the leaf certificate is deemed as trusted for validating the signature.

func OptVerifyWithPGP

func OptVerifyWithPGP(opts ...client.Option) VerifyOpt

OptVerifyWithPGP adds the local public keyring as a source of key material to verify signatures. If supplied, opts specify a keyserver to use in addition to the local public keyring.

func OptVerifyWithRoots

func OptVerifyWithRoots(p *x509.CertPool) VerifyOpt

OptVerifyWithRoots specifies p as the pool of root certificates to use, instead of the system roots or the platform verifier.

func OptVerifyWithVerifier

func OptVerifyWithVerifier(sv signature.Verifier) VerifyOpt

OptVerifyWithVerifier appends sv as a source of key material to verify signatures.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL