Documentation
¶
Index ¶
- Constants
- Variables
- func GetSignatureType(signature string) string
- func IsEmptySignature(signature string) bool
- func IsPGPSignature(signature string) bool
- func IsSSHSignature(signature string) bool
- func IsX509Signature(signature string) bool
- func ParseAuthorizedKeys(authorizedKeys string) ([]gossh.PublicKey, error)
- func VerifyPGPSignature(signature string, payload []byte, keyRings ...string) (string, error)
- func VerifySSHSignature(signature string, payload []byte, authorizedKeys ...string) (string, error)
- type OpenPGPSigner
- type SSHSigner
- type Signer
Constants ¶
const SSHSignatureNamespace = "git"
Variables ¶
var ( // ErrSignatureEmpty is returned when no signature was provided. ErrSignatureEmpty = errors.New("signature is empty") // ErrPayloadEmpty is returned when no payload was provided. ErrPayloadEmpty = errors.New("payload is empty") // ErrSignatureFormat is returned when the provided signature is not in // the format expected by the verification function, for example an SSH // signature handed to VerifyPGPSignature. ErrSignatureFormat = errors.New("signature format mismatch") // ErrNoMatchingKey is returned when verification was attempted against // at least one key ring or authorized_keys input and none of them could // verify the signature against the payload. ErrNoMatchingKey = errors.New("no matching key") // ErrSSHPassphraseRequired is returned by NewSSHSigner when the // provided private key is encrypted but no passphrase was supplied. // Callers may branch on it via errors.Is. ErrSSHPassphraseRequired = errors.New("SSH signing key is encrypted; passphrase required") )
Sentinel errors returned by the verification functions. Callers can use errors.Is to branch on these conditions; errors returned by the verification functions wrap one or more of these as appropriate.
Errors from the underlying sshsig library (e.g. sshsig.ErrPublicKeyMismatch, sshsig.ErrNamespaceMismatch, sshsig.ErrUnsupportedHashAlgorithm) are preserved in the error chain when VerifySSHSignature exhausts all authorized keys without a match, so callers may also branch on those.
Functions ¶
func GetSignatureType ¶
GetSignatureType returns the type of the signature as a string. It returns "openpgp" for PGP signatures, "ssh" for SSH signatures, "x509" for S/MIME signatures, "empty" for an empty signature and "unknown" for unrecognized signatures.
func IsEmptySignature ¶
IsEmptySignature tests if the given signature string is empty. It returns true if the signature string has a length of 0.
func IsPGPSignature ¶
IsPGPSignature tests if the given signature is of type PGP. It returns true if the signature starts with the PGP signature prefix.
func IsSSHSignature ¶
IsSSHSignature tests if the given signature is of type SSH. It returns true if the signature starts with the SSH signature prefix.
func IsX509Signature ¶
IsX509Signature tests if the given signature is of type x509 (S/MIME). It returns true if the signature starts with the x509 signature prefix.
The signature package does not yet verify x509 signatures; this helper exists so GetSignatureType and the verify functions can report "x509" in their error messages, helping callers distinguish an x509 signature from a corrupt or truly unknown one. Tracked upstream at https://github.com/fluxcd/source-controller/issues/1996.
func ParseAuthorizedKeys ¶
ParseAuthorizedKeys parses the given authorized_keys-formatted string and returns the public keys it contains. Empty lines and lines whose first non-whitespace character is '#' are skipped.
Parsing is fail-fast: if any non-comment line cannot be parsed as an SSH public key the function returns (nil, err), discarding any keys successfully parsed earlier in the input. This is intentional — a malformed entry typically indicates user error and silently dropping it would hide that. Callers that want best-effort behaviour should split the input themselves and call ParseAuthorizedKeys per line.
func VerifyPGPSignature ¶
VerifyPGPSignature verifies the PGP signature against the payload using the provided key rings. It returns the key ID of the key that successfully verified the signature, or an error.
func VerifySSHSignature ¶
VerifySSHSignature verifies the SSH signature against the payload using the provided authorized keys. It returns the fingerprint of the key that successfully verified the signature, or an error.
Types ¶
type OpenPGPSigner ¶ added in v0.51.0
type OpenPGPSigner struct {
// contains filtered or unexported fields
}
OpenPGPSigner adapts an openpgp.Entity to the Signer interface so it can be used as a generic Git commit signer. Callers may type-assert a Signer returned by NewOpenPGPSigner back to *OpenPGPSigner to inspect or distinguish it from other Signer implementations.
func (*OpenPGPSigner) Sign ¶ added in v0.51.0
func (s *OpenPGPSigner) Sign(r io.Reader) ([]byte, error)
Sign produces an ASCII-armored detached OpenPGP signature over the message read from r. The output matches what go-git's internal gpgSigner produces, so it is interchangeable with the previous typed-entity signing path.
type SSHSigner ¶ added in v0.51.0
type SSHSigner struct {
// contains filtered or unexported fields
}
SSHSigner adapts a gossh.Signer to the Signer interface, producing SSHSIG-armored signatures with namespace SSHSignatureNamespace ("git") and SHA-512 as the hash algorithm, matching Git's defaults for SSH-signed commits. Callers may type-assert a Signer returned by NewSSHSigner back to *SSHSigner to inspect or distinguish it from other Signer implementations.
type Signer ¶ added in v0.51.0
Signer is the interface used to sign Git commits and tags. It is re-exported from go-git so that consumers do not need to import the go-git package directly.
Concrete implementations are returned by NewOpenPGPSigner and NewSSHSigner in this package.
func NewOpenPGPSigner ¶ added in v0.51.0
NewOpenPGPSigner returns a Signer that signs commits with the given OpenPGP entity. The entity's private key must be present and decrypted; callers that load keys from passphrase-protected key rings are responsible for decryption before constructing the signer.
The constructor returns an error only when the entity is nil; today no other validation is performed, but the (Signer, error) shape leaves room to add validation later without an API break.
func NewSSHSigner ¶ added in v0.51.0
NewSSHSigner returns a Signer that signs commits with the given SSH private key. The pem argument is the private key in any format accepted by gossh.ParsePrivateKey, typically the OpenSSH "-----BEGIN OPENSSH PRIVATE KEY-----" format produced by ssh-keygen. The passphrase argument is consulted only when the private key is encrypted; pass nil for an unencrypted key.
Supported algorithms: ssh-ed25519, ecdsa-sha2-nistp256/384/521, and ssh-rsa with key size at least 2048 bits. DSA and undersized RSA keys are rejected at construction time because they produce signatures that modern OpenSSH refuses to verify.
Signatures use namespace SSHSignatureNamespace ("git") and SHA-512, which match Git's defaults for SSH-signed commits. See https://git-scm.com/docs/gitformat-signature.
Source Files