signerverifier

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2024 License: Apache-2.0, MIT Imports: 21 Imported by: 0

Documentation


Constants

// String identifiers for ECDSA keys.
// NOTE(review): presumably these populate SSLibKey.KeyType and SSLibKey.Scheme — confirm against the loaders.
const (
	// ECDSAKeyType is the key type string for ECDSA keys.
	ECDSAKeyType   = "ecdsa"
	// ECDSAKeyScheme is the signature scheme string; it names ECDSA with SHA-2 on the NIST P-256 curve.
	// NOTE(review): this is the only ECDSA scheme constant declared here; whether keys on other
	// curves are accepted or rejected is not visible from this declaration.
	ECDSAKeyScheme = "ecdsa-sha2-nistp256"
)
// String identifiers for RSA keys.
const (
	// RSAKeyType is the key type string for RSA keys.
	RSAKeyType       = "rsa"
	// RSAKeyScheme is the signature scheme string; it names RSASSA-PSS with SHA-256.
	RSAKeyScheme     = "rsassa-pss-sha256"
	// RSAPrivateKeyPEM is the PEM block type label conventionally used for PKCS#1 RSA private keys.
	// A block carrying this label holds private key material and should be handled as a secret.
	RSAPrivateKeyPEM = "RSA PRIVATE KEY"
)
// Generic PEM block type labels that are not tied to one key algorithm.
const (
	// PublicKeyPEM is the PEM block type label conventionally used for PKIX public keys.
	PublicKeyPEM  = "PUBLIC KEY"
	// PrivateKeyPEM is the PEM block type label conventionally used for PKCS#8 private keys.
	// A block carrying this label holds private key material and should be handled as a secret.
	PrivateKeyPEM = "PRIVATE KEY"
)
// ED25519KeyType is the key type string for Ed25519 keys.
// NOTE(review): unlike ECDSA and RSA, no separate scheme constant for Ed25519 is declared
// alongside it; confirm which value the package writes to SSLibKey.Scheme for these keys.
const ED25519KeyType = "ed25519"

Variables

// Sentinel errors exposed by the package. Callers should compare with errors.Is rather
// than matching on the message text.
var (
	// ErrPrivateKey carries the message "key must be a public key".
	// NOTE(review): the name and message together suggest it is returned when a private key
	// is supplied where only a public key is acceptable — confirm against the callers.
	ErrPrivateKey                  = errors.New("key must be a public key")
	// ErrNotPrivateKey reports that a loaded key is not a private key.
	// NOTE(review): presumably returned by Sign when only public material is available — confirm.
	ErrNotPrivateKey               = errors.New("loaded key is not a private key")
	// ErrSignatureVerificationFailed reports that a signature did not verify.
	// Any non-nil error from a Verify method must be treated as a rejected signature.
	ErrSignatureVerificationFailed = errors.New("failed to verify signature")
	// ErrUnknownKeyType reports a key type the package does not recognise.
	ErrUnknownKeyType              = errors.New("unknown key type")
	// ErrInvalidThreshold reports a threshold below 1 or above the number of provided public keys.
	ErrInvalidThreshold            = errors.New("threshold is either less than 1 or greater than number of provided public keys")
	// ErrInvalidKey reports a key object that has no value.
	ErrInvalidKey                  = errors.New("key object has no value")
	// ErrInvalidPEM reports that a PEM block could not be parsed.
	ErrInvalidPEM                  = errors.New("unable to parse PEM block")
)
// Sentinel errors for PEM decoding and key parsing.
// NOTE(review): ErrInvalidPEM, declared in a separate var group of this package, has a
// similar meaning; which of these a given loader returns is not visible here, so callers
// that branch on the error should confirm the exact sentinel.
var (
	// ErrNoPEMBlock is returned when the provided data contains no decodable PEM block.
	ErrNoPEMBlock = errors.New("failed to decode the data as PEM block (are you sure this is a pem file?)")
	// ErrFailedPEMParsing is returned when PKCS1, PKCS8 or PKIX key parsing fails.
	ErrFailedPEMParsing = errors.New("failed parsing the PEM block: unsupported PEM type")
)
// KeyIDHashAlgorithms lists the hash algorithm names "sha256" and "sha512".
// NOTE(review): presumably the default value for SSLibKey.KeyIDHashAlgorithms — confirm.
// This is an exported package-level slice, so any importing package can modify its
// elements in place; treat it as read-only and copy it before changing it.
var KeyIDHashAlgorithms = []string{"sha256", "sha512"}

Functions

func NewSignerVerifierFromPEM

func NewSignerVerifierFromPEM(keyBytes []byte) (dsse.SignerVerifier, error)

func NewVerifierFromSSLibKey

func NewVerifierFromSSLibKey(key *SSLibKey) (dsse.SignerVerifier, error)

Types

type ECDSASignerVerifier

type ECDSASignerVerifier struct {
	// contains filtered or unexported fields
}

ECDSASignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using ECDSA keys.

func NewECDSASignerVerifierFromSSLibKey

func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, error)

NewECDSASignerVerifierFromSSLibKey creates an ECDSASignerVerifier from an SSLibKey.

func (*ECDSASignerVerifier) KeyID

func (sv *ECDSASignerVerifier) KeyID() (string, error)

KeyID returns the identifier of the key used to create the ECDSASignerVerifier instance.

func (*ECDSASignerVerifier) Public

func (sv *ECDSASignerVerifier) Public() crypto.PublicKey

Public returns the public portion of the key used to create the ECDSASignerVerifier instance.

func (*ECDSASignerVerifier) Sign

func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)

Sign creates a signature for `data`.

func (*ECDSASignerVerifier) Verify

func (sv *ECDSASignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error

Verify verifies the `sig` value passed in against `data`.

type ED25519SignerVerifier

// ED25519SignerVerifier holds an Ed25519 key pair together with its identifier.
// All three fields are exported, whereas ECDSASignerVerifier and RSAPSSSignerVerifier in
// this package expose no exported fields.
type ED25519SignerVerifier struct {
	// ID is the key identifier (presumably the value KeyID returns — confirm).
	ID         string
	// PrivateKey is the raw Ed25519 private key. Because the field is exported, any code
	// holding this struct can read or replace it; avoid logging, serializing or otherwise
	// exposing values of this type.
	// NOTE(review): presumably empty when the instance is built from a public-only key — confirm.
	PrivateKey ed25519.PrivateKey
	// PublicKey is the Ed25519 public key.
	PublicKey  ed25519.PublicKey
}

ED25519SignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using ED25519 keys.

func NewED25519SignerVerifierFromSSLibKey

func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier, error)

NewED25519SignerVerifierFromSSLibKey creates an ED25519SignerVerifier from an SSLibKey.

func (*ED25519SignerVerifier) KeyID

func (sv *ED25519SignerVerifier) KeyID() (string, error)

KeyID returns the identifier of the key used to create the ED25519SignerVerifier instance.

func (*ED25519SignerVerifier) Public

func (sv *ED25519SignerVerifier) Public() crypto.PublicKey

Public returns the public portion of the key used to create the ED25519SignerVerifier instance.

func (*ED25519SignerVerifier) Sign

func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)

Sign creates a signature for `data`.

func (*ED25519SignerVerifier) Verify

func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error

Verify verifies the `sig` value passed in against `data`.

type KeyVal

// KeyVal is the "keyval" portion of an SSLibKey as serialized to JSON.
// No private-key field is declared here, so a KeyVal as shown carries only public material.
// Every field is omitted from the JSON output when empty.
type KeyVal struct {
	// Public holds the public key as a string (the encoding is not shown here; presumably PEM — confirm).
	Public      string `json:"public,omitempty"`
	// Certificate, Identity and Issuer are plain strings.
	// NOTE(review): presumably they describe certificate-based or identity-bound keys; nothing
	// visible here shows that they are validated, so confirm before relying on them for trust decisions.
	Certificate string `json:"certificate,omitempty"`
	Identity    string `json:"identity,omitempty"`
	Issuer      string `json:"issuer,omitempty"`
}

type RSAPSSSignerVerifier

type RSAPSSSignerVerifier struct {
	// contains filtered or unexported fields
}

RSAPSSSignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using RSA keys following the RSA-PSS scheme.

func NewRSAPSSSignerVerifierFromSSLibKey

func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier, error)

NewRSAPSSSignerVerifierFromSSLibKey creates an RSAPSSSignerVerifier from an SSLibKey.

func (*RSAPSSSignerVerifier) KeyID

func (sv *RSAPSSSignerVerifier) KeyID() (string, error)

KeyID returns the identifier of the key used to create the RSAPSSSignerVerifier instance.

func (*RSAPSSSignerVerifier) Public

func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey

Public returns the public portion of the key used to create the RSAPSSSignerVerifier instance.

func (*RSAPSSSignerVerifier) Sign

func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)

Sign creates a signature for `data`.

func (*RSAPSSSignerVerifier) Verify

func (sv *RSAPSSSignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error

Verify verifies the `sig` value passed in against `data`.

type SSLibKey

// SSLibKey is the JSON-serializable description of a key: its type, scheme, value and identifier.
type SSLibKey struct {
	// KeyIDHashAlgorithms lists hash algorithm names (see the package-level KeyIDHashAlgorithms variable).
	KeyIDHashAlgorithms []string `json:"keyid_hash_algorithms"`
	// KeyType is the key type string, e.g. one of the *KeyType constants in this package.
	KeyType             string   `json:"keytype"`
	// KeyVal holds the key material and related fields.
	KeyVal              KeyVal   `json:"keyval"`
	// Scheme is the signature scheme string, e.g. one of the *KeyScheme constants in this package.
	Scheme              string   `json:"scheme"`
	// KeyID is the key identifier. It is an ordinary field populated from the "keyid" JSON value.
	// NOTE(review): whether the loaders recompute or validate it against the key material is
	// not visible here — confirm before trusting a KeyID taken from untrusted input.
	KeyID               string   `json:"keyid"`
}

func LoadECDSAKeyFromFile deprecated

func LoadECDSAKeyFromFile(path string) (*SSLibKey, error)

LoadECDSAKeyFromFile returns an SSLibKey instance for an ECDSA key stored in a file in the custom securesystemslib format.

Deprecated: use LoadKey(). The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.

func LoadED25519KeyFromFile deprecated

func LoadED25519KeyFromFile(path string) (*SSLibKey, error)

LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored in a file in the custom securesystemslib format.

Deprecated: use LoadKey(). The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.

func LoadKey

func LoadKey(keyBytes []byte) (*SSLibKey, error)

LoadKey returns an SSLibKey object when provided a PEM encoded key. Currently, RSA, ED25519, and ECDSA keys are supported.

func LoadKeyFromSSLibBytes deprecated

func LoadKeyFromSSLibBytes(contents []byte) (*SSLibKey, error)

LoadKeyFromSSLibBytes returns a pointer to an SSLibKey instance created from the given bytes. The key contents are expected to be in the custom securesystemslib format.

Deprecated: use LoadKey() for all key types; RSA is no longer the only key type that uses PEM serialization.

func LoadRSAPSSKeyFromBytes deprecated

func LoadRSAPSSKeyFromBytes(contents []byte) (*SSLibKey, error)

LoadRSAPSSKeyFromBytes takes a byte slice that must contain a PEM encoded RSA key and returns an SSLibKey instance, a struct that holds the key data.

Deprecated: use LoadKey() for all key types; RSA is no longer the only key type that uses PEM serialization.

func LoadRSAPSSKeyFromFile deprecated

func LoadRSAPSSKeyFromFile(path string) (*SSLibKey, error)

LoadRSAPSSKeyFromFile returns an SSLibKey instance for an RSA key stored in a file.

Deprecated: use LoadKey(). The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.

func NewKey

func NewKey(rawKey any) (*SSLibKey, error)

NewKey returns an SSLibKey object for an RSA, ECDSA, or ED25519 public key.
