Documentation
¶
Index ¶
- func DefaultSignaturePath(binaryPath string) string
- func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error)
- func IsSignatureRequired() bool
- func SignBinary(binaryPath, outputSigPath string, privateKey ed25519.PrivateKey) error
- func VerifyBinary(binaryPath, signaturePath string, trustedKeys []ed25519.PublicKey) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultSignaturePath ¶
DefaultSignaturePath returns the default signature file path for a binary. For binary "/path/to/plugin", returns "/path/to/plugin.sig"
func GenerateKeyPair ¶
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error)
GenerateKeyPair generates a new ed25519 key pair for plugin signing.
func IsSignatureRequired ¶
func IsSignatureRequired() bool
IsSignatureRequired checks if signature verification should be enforced. This can be configured via environment variable or build tag.
func SignBinary ¶
func SignBinary(binaryPath, outputSigPath string, privateKey ed25519.PrivateKey) error
SignBinary creates a signature file for a plugin binary. The signature file will be created at outputSigPath and contains the ed25519 signature of the binary's SHA-256 hash.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.