signver

package

v1.2.0 Latest Latest Go to latest Published: May 15, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/deckhouse/delivery-kit-sdk

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ConcatChain(intermediateOrRootRef ...string) ([]*x509.Certificate, string, error)
func NewVerifierFromCert(_ context.Context, certRef string) (signature.Verifier, error)
func VerifyCert(pk crypto.PublicKey, certRef string) (*x509.Certificate, error)
func VerifyChain(certRef, chainRef string) ([]*x509.Certificate, []*x509.Certificate, error)
type KeyOpts
type SignerVerifier
- func NewSignerVerifier(ctx context.Context, certRef, certChainRef string, ko KeyOpts) (*SignerVerifier, error)

Constants ¶

View Source

const (
	DeliveryKitPrivateKeyPemType = "ENCRYPTED DELIVERY-KIT PRIVATE KEY"
	// PEM-encoded PKCS #8 RSA, ECDSA or ED25519 private key
	PrivateKeyPemType = "PRIVATE KEY"
)

Variables ¶

This section is empty.

Functions ¶

func ConcatChain ¶

func ConcatChain(intermediateOrRootRef ...string) ([]*x509.Certificate, string, error)

ConcatChain takes intermediateRef... or rootRef and concatenates them into a chain.

func NewVerifierFromCert ¶

func NewVerifierFromCert(_ context.Context, certRef string) (signature.Verifier, error)

func VerifyCert ¶

func VerifyCert(pk crypto.PublicKey, certRef string) (*x509.Certificate, error)

func VerifyChain ¶

func VerifyChain(certRef, chainRef string) ([]*x509.Certificate, []*x509.Certificate, error)

VerifyChain verifies certificate chain. chainRef must contain at least one certificate (root). If chainRef contains more than one certificate then the last one considered as root certificate.

Types ¶

type KeyOpts ¶

type KeyOpts struct {
	// KeyRef could be a URL, a base64 or a file path
	KeyRef string
	// PassFunc
	PassFunc cryptoutils.PassFunc
}

KeyOpts Copied from https://github.com/sigstore/cosign/blob/c948138c19691142c1e506e712b7c1646e8ceb21/cmd/cosign/cli/options/key.go#L20 and modified after.

type SignerVerifier ¶

type SignerVerifier struct {
	Cert  []byte
	Chain []byte
	signature.SignerVerifier
}

SignerVerifier Copied from https://github.com/sigstore/cosign/blob/c948138c19691142c1e506e712b7c1646e8ceb21/cmd/cosign/cli/sign/sign.go#L585 and modified after.

func NewSignerVerifier ¶

func NewSignerVerifier(ctx context.Context, certRef, certChainRef string, ko KeyOpts) (*SignerVerifier, error)

NewSignerVerifier Copied from https://github.com/sigstore/cosign/blob/c948138c19691142c1e506e712b7c1646e8ceb21/cmd/cosign/cli/sign/sign.go#L392 and modified after.

certRef could be a base64 or a file path certChainRef could be a base64 or a file path

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
blob
hashivault Package hashivault implement the interface with hashivault kms service	Package hashivault implement the interface with hashivault kms service
pass

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL