signature

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: BSD-3-Clause Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// PKIXOCSPNoCheck refers to the Revocation Checking of an Authorized Responder.
	// More more info check https://oidref.com/1.3.6.1.5.5.7.48.1.5
	PKIXOCSPNoCheck = "1.3.6.1.5.5.7.48.1.5"
)

Variables

This section is empty.

Functions

func OCSPVerify 

func OCSPVerify(chain ...*x509.Certificate) error

func Sign 

func Sign(ctx context.Context, path string, opts ...SignOpt) error

Sign adds one or more digital signatures to the SIF image found at path, according to opts. Key material must be provided via OptSignEntitySelector.

By default, one digital signature is added per object group in f. To override this behavior, consider using OptSignGroup and/or OptSignObject.

func Verify 

func Verify(ctx context.Context, path string, opts ...VerifyOpt) error

Verify verifies digital signature(s) in the SIF image found at path, according to opts.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

func VerifyFingerprints 

func VerifyFingerprints(ctx context.Context, path string, fingerprints []string, opts ...VerifyOpt) error

VerifyFingerprints verifies an image and checks it was signed by *all* of the provided fingerprints.

To use key material from an x.509 certificate, use OptVerifyWithCertificate. The system roots or the platform verifier will be used to verify the certificate, unless OptVerifyWithIntermediates and/or OptVerifyWithRoots are specified.

To use raw key material, use OptVerifyWithVerifier.

To use PGP key material, use OptVerifyWithPGP.

By default, non-legacy signatures for all object groups are verified. To override the default behavior, consider using OptVerifyGroup, OptVerifyObject, OptVerifyAll, and/or OptVerifyLegacy.

Types

type SignOpt 

type SignOpt func(s *signer) error

SignOpt are used to configure s.

func OptSignEntitySelector 

func OptSignEntitySelector(f sypgp.EntitySelector) SignOpt

OptSignEntitySelector specifies f be used to select (and decrypt, if necessary) the entity to use to generate signature(s).

func OptSignGroup 

func OptSignGroup(groupID uint32) SignOpt

OptSignGroup specifies that a signature be applied to cover all objects in the group with the specified groupID. This may be called multiple times to add multiple group signatures.

func OptSignObjects 

func OptSignObjects(ids ...uint32) SignOpt

OptSignObjects specifies that one or more signature(s) be applied to cover objects with the specified ids. One signature will be applied for each group ID associated with the object(s). This may be called multiple times to add multiple signatures.

func OptSignWithSigner 

func OptSignWithSigner(ss signature.Signer) SignOpt

OptSignWithSigner specifies ss be used to generate signature(s).

type VerifyCallback 

type VerifyCallback func(*sif.FileImage, integrity.VerifyResult) bool

type VerifyOpt 

type VerifyOpt func(v *verifier) error

VerifyOpt are used to configure v.

func OptVerifyAll 

func OptVerifyAll() VerifyOpt

OptVerifyAll adds one verification task per non-signature object in the image when verification of legacy signatures is enabled. When verification of legacy signatures is disabled (the default), this option has no effect.

func OptVerifyCallback 

func OptVerifyCallback(cb VerifyCallback) VerifyOpt

OptVerifyCallback registers f as the verification callback.

func OptVerifyGroup 

func OptVerifyGroup(groupID uint32) VerifyOpt

OptVerifyGroup adds a verification task for the group with the specified groupID. This may be called multiple times to request verification of more than one group.

func OptVerifyLegacy 

func OptVerifyLegacy() VerifyOpt

OptVerifyLegacy enables verification of legacy signatures.

func OptVerifyObject 

func OptVerifyObject(id uint32) VerifyOpt

OptVerifyObject adds a verification task for the object with the specified id. This may be called multiple times to request verification of more than one object.

func OptVerifyWithCertificate 

func OptVerifyWithCertificate(c *x509.Certificate) VerifyOpt

OptVerifyWithCertificate appends c as a source of key material to verify signatures.

func OptVerifyWithIntermediates 

func OptVerifyWithIntermediates(p *x509.CertPool) VerifyOpt

OptVerifyWithIntermediates specifies p as the pool of certificates that can be used to form a chain from the leaf certificate to a root certificate.

func OptVerifyWithOCSP 

func OptVerifyWithOCSP() VerifyOpt

OptVerifyWithOCSP subjects the x509 certificate chains to online revocation checks, before the leaf certificate is deemed as trusted for validating the signature.

func OptVerifyWithPGP 

func OptVerifyWithPGP(opts ...client.Option) VerifyOpt

OptVerifyWithPGP adds the local public keyring as a source of key material to verify signatures. If supplied, opts specify a keyserver to use in addition to the local public keyring.

func OptVerifyWithRoots 

func OptVerifyWithRoots(p *x509.CertPool) VerifyOpt

OptVerifyWithRoots specifies p as the pool of root certificates to use, instead of the system roots or the platform verifier.

func OptVerifyWithVerifier 

func OptVerifyWithVerifier(sv signature.Verifier) VerifyOpt

OptVerifyWithVerifier appends sv as a source of key material to verify signatures.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.