cose

package
v0.3.0-alpha.1
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2022 | License: Apache-2.0 | Imports: 14 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AlgorithmFromKey

func AlgorithmFromKey(key interface{}) (cose.Algorithm, error)

AlgorithmFromKey picks a recommended algorithm for a private or public key. Reference: RFC 8152, Section 8, Signature Algorithms.

Types

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer signs artifacts and generates COSE signatures.

func NewSigner

func NewSigner(key crypto.Signer, certChain []*x509.Certificate) (*Signer, error)

NewSigner creates a signer with the recommended signing algorithm and a signing key bundled with a certificate chain.

func NewSignerWithCertificateChain

func NewSignerWithCertificateChain(alg cose.Algorithm, key crypto.Signer, certChain []*x509.Certificate) (*Signer, error)

NewSignerWithCertificateChain creates a signer with the specified signing algorithm and a signing key bundled with a (partial) certificate chain.

func (*Signer) Sign

func (s *Signer) Sign(ctx context.Context, desc notation.Descriptor, opts notation.SignOptions) ([]byte, error)

Sign signs the artifact described by its descriptor, and returns the signature.

type Verifier

type Verifier struct {
	// ResolveAlgorithm resolves the signing algorithm used to verify the
	// signature according to the public key in the certificate chain.
	// If not present, `AlgorithmFromKey` will be used to pick up a recommended
	// algorithm.
	ResolveAlgorithm func(interface{}) (cose.Algorithm, error)

	// EnforceExpiryValidation forces the verifier to verify the timestamp
	// signature even if the certificate is valid.
	// Reference: https://github.com/notaryproject/notaryproject/discussions/98
	EnforceExpiryValidation bool

	// VerifyOptions is the verify option to verify the certificate of the
	// incoming signature.
	// The `Intermediates` in the verify options will be ignored and
	// re-constructed using the certificates in the incoming signature.
	// An empty list of `KeyUsages` in the verify options implies
	// `ExtKeyUsageAny`.
	VerifyOptions x509.VerifyOptions

	// TSAVerifyOptions is the verify option to verify the fetched timestamp
	// signature.
	// The `Intermediates` in the verify options will be ignored and
	// re-constructed using the certificates in the fetched timestamp signature.
	// An empty list of `KeyUsages` in the verify options implies
	// `ExtKeyUsageTimeStamping`.
	TSAVerifyOptions x509.VerifyOptions
}

Verifier verifies artifacts against COSE signatures.

func NewVerifier

func NewVerifier() *Verifier

NewVerifier creates a verifier. Callers may be interested in the options exposed as public fields of the Verifier, especially VerifyOptions for setting up trusted certificates.

func (*Verifier) Verify

func (v *Verifier) Verify(ctx context.Context, signature []byte, opts notation.VerifyOptions) (notation.Descriptor, error)

Verify verifies the signature and returns the verified descriptor and metadata of the signed artifact.
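
The VerifyOptions rules stated in the Verifier field comments (caller-supplied `Intermediates` are ignored and rebuilt from the signature's certificates; empty `KeyUsages` implies `ExtKeyUsageAny`), shown as an added example that uses only the Go standard library and is not this package's code. `verifyChain` and `issue` are hypothetical helpers, and the certificates are constructed test fixtures whose creation errors are ignored for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyChain applies the VerifyOptions rules documented for Verifier (illustration only).
func verifyChain(chain []*x509.Certificate, opts x509.VerifyOptions) error {
	if len(chain) == 0 {
		return fmt.Errorf("signature carries no certificates")
	}
	opts.Intermediates = x509.NewCertPool() // caller's pool ignored; rebuilt from the signature's chain
	for _, c := range chain[1:] {
		opts.Intermediates.AddCert(c)
	}
	if len(opts.KeyUsages) == 0 { // an empty list implies ExtKeyUsageAny
		opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
	}
	_, err := chain[0].Verify(opts)
	return err
}

// issue builds a constructed test certificate; a nil parent means self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: ca, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	root, rk := issue("constructed root", true, nil, nil)
	inter, ik := issue("constructed intermediate", true, root, rk)
	leaf, _ := issue("constructed signer", false, inter, ik)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	fmt.Println(verifyChain([]*x509.Certificate{leaf, inter}, opts))
}
```

A signature that carries only the leaf fails to verify even when the caller places the intermediate in `opts.Intermediates`, because that pool is replaced before path building.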
