Documentation
Overview
Package signature handles the nitty-gritty of formatting and writing out signatures. Functions here should not require any network/Sigstore access.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Sign
func Sign(ident Identity, body []byte, opts SignOptions) ([]byte, *x509.Certificate, error)
Sign signs the given payload for the given identity. It returns the resulting signature and the certificate that was used.
Types
type Identity
type Identity interface {
	// Certificate gets the identity's certificate.
	Certificate() (*x509.Certificate, error)
	// CertificateChain attempts to get the identity's full certificate chain.
	CertificateChain() ([]*x509.Certificate, error)
	// Signer gets a crypto.Signer that uses the identity's private key.
	Signer() (crypto.Signer, error)
	// Delete deletes this identity from the system.
	Delete() error
	// Close any manually managed memory held by the Identity.
	Close()
}
Identity is a copy of smimesign.Identity to allow for compatibility without needing a dependency on the whole package. This can be removed once https://github.com/github/smimesign/pull/108 is merged.
type SignOptions
type SignOptions struct {
	// Make a detached signature
	Detached bool
	// URL of RFC3161 timestamp authority to use for timestamping
	TimestampAuthority string
	// Create ascii armored output
	Armor bool
	// IncludeCerts specifies what certs to include in the resulting signature.
	// -3 is the same as -2, but omits issuer when cert has Authority Information Access extension.
	// -2 includes all certs except root.
	// -1 includes all certs.
	// 0 includes no certs.
	// 1 includes leaf cert.
	// >1 includes n from the leaf.
	IncludeCerts int
}
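The IncludeCerts values above, worked through on a leaf-first chain as an added example (not code from this package). selectCerts, sampleChain and the ca.example URL are hypothetical, and the reading of -3, the clamping of large values, the rejection of values below -3 and the root test are assumptions, marked in the comments.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"fmt"
)

// selectCerts (hypothetical helper) applies the IncludeCerts rules to a leaf-first
// chain. Assumed: values below -3 are rejected, values above len(chain) are clamped.
func selectCerts(chain []*x509.Certificate, include int) ([]*x509.Certificate, error) {
	if include < -3 {
		return nil, fmt.Errorf("invalid IncludeCerts value %d", include)
	}
	if include > len(chain) {
		include = len(chain)
	}
	if include >= 0 {
		return chain[:include], nil // 0: none, 1: leaf, >1: n from the leaf
	}
	if include == -3 {
		// Assumed reading of -3: stop after the first cert that names its issuer in AIA.
		for i, c := range chain {
			if len(c.IssuingCertificateURL) > 0 {
				chain = chain[:i+1]
				break
			}
		}
	}
	// -2 and -3: drop a trailing self-issued root (assumed root test), never the leaf.
	if n := len(chain); include != -1 && n > 1 && bytes.Equal(chain[n-1].RawIssuer, chain[n-1].RawSubject) {
		return chain[:n-1], nil
	}
	return chain, nil
}

// sampleChain is constructed stand-in data (name fields only, not parsed DER).
func sampleChain() []*x509.Certificate {
	return []*x509.Certificate{
		{RawSubject: []byte("leaf"), RawIssuer: []byte("int"),
			IssuingCertificateURL: []string{"http://ca.example/int.crt"}},
		{RawSubject: []byte("int"), RawIssuer: []byte("root")},
		{RawSubject: []byte("root"), RawIssuer: []byte("root")},
	}
}

func main() {
	certs, _ := selectCerts(sampleChain(), -3)
	fmt.Println(len(certs), "cert(s) kept with IncludeCerts=-3")
}
```

A verifier that receives fewer certificates has to obtain the missing issuers itself, so the value chosen here determines whether verification needs an AIA fetch or a locally provisioned intermediate.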