Documentation ¶
Overview ¶
Package cosign contains functionalities to interact with signatures generated by cosign. https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md.
Index ¶
Constants ¶
const CosignSigKey = "dev.cosignproject.cosign/signature"
CosignSigKey is the key of the cosign-generated signature embedded in OCI image manifest.
Variables ¶
This section is empty.
Functions ¶
func NewFakeSignature ¶
func NewFakeSignature(data string, sigAlg oci.SigningAlgorithm) oci.Signature
NewFakeSignature constructs a new fake oci.Signature given data and signature algorithm.
Types ¶
type Sig ¶
type Sig struct { // Layer represents a layer descriptor for OCI image manifest. // This contains the simple signing payload digest and Cosign signature, // collected from the OCI image manifest object found using https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. Layer v1.Descriptor // Blob represents the opaque data uploaded to OCI registry associated with the layer. // This contains the Simple Signing Payload as described in https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. Blob []byte // SourceRepo represents the location that stores this signature. SourceRepo string }
Sig implements oci.Signature interface for cosign-generated signatures.
func (Sig) Base64Encoded ¶
Base64Encoded implements oci.Signature interface.
func (Sig) PublicKey ¶
PublicKey implements oci.Signature interface. Since public key is attached to the `optional` field of payload, we don't actually implement this method. Instead we send payload directly to the Attestation service and let the service parse the payload.
func (Sig) SigningAlgorithm ¶
func (s Sig) SigningAlgorithm() (oci.SigningAlgorithm, error)
SigningAlgorithm implements oci.Signature interface. Since signing algorithm is attached to the `optional` field of payload, we don't actually implement this method. Instead we send payload directly to the Attestation service and let the service parse the payload.