dsse

Version: v0.1.0
Published: Jul 13, 2021 License: Apache-2.0 Imports: 4 Imported by: 0

README

go-dsse

A Go implementation of DSSE (Dead Simple Signing Envelope).

Documentation

Constants

This section is empty.

Variables

var (
	ErrMissingSigner   = errors.New("dsse: missing signer")
	ErrMissingVerifier = errors.New("dsse: missing verifier")
	ErrVerification    = errors.New("dsse: verification error")
)

Functions

func PAE

func PAE(payloadType string, payload []byte) []byte

PAE encodes the payload type and the payload in the Pre-Authentication Encoding. Reference: https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition
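Why the signature is computed over the PAE rather than over the raw payload, shown as an added example (not code from go-dsse): the length prefixes keep the type/payload boundary unambiguous, and a signature made for one payload type does not verify for another. `pae` is a local re-implementation of the encoding in the DSSE specification, and `edKey`, `newEdKey` and the sample payload are hypothetical, with Ed25519 assumed as the signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// pae re-implements the DSSE v1 Pre-Authentication Encoding from the spec:
// "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body, LEN = ASCII decimal byte count.
func pae(payloadType string, payload []byte) []byte {
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s",
		len(payloadType), payloadType, len(payload), payload))
}

// edKey is a hypothetical Ed25519 key that satisfies the Signer and Verifier interfaces.
type edKey struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func newEdKey() (edKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return edKey{priv: priv, pub: pub}, err
}

func (k edKey) KeyID() string { return "" } // key IDs are optional

func (k edKey) Sign(message []byte) ([]byte, error) {
	return ed25519.Sign(k.priv, message), nil
}

func (k edKey) Verify(message, signature []byte) error {
	if !ed25519.Verify(k.pub, message, signature) {
		return errors.New("edKey: signature mismatch")
	}
	return nil
}

func main() {
	k, err := newEdKey()
	if err != nil {
		panic(err)
	}
	payload := []byte(`{"step":"build"}`) // constructed sample payload
	sig, _ := k.Sign(pae("application/vnd.example+json", payload))
	fmt.Printf("%q\n", pae("application/vnd.example+json", payload))
	fmt.Println("same type:      ", k.Verify(pae("application/vnd.example+json", payload), sig))
	fmt.Println("relabelled type:", k.Verify(pae("text/plain", payload), sig))
}
```

A verifier must rebuild the PAE from the envelope's own `payloadType` and decoded `payload` before checking each signature; checking the signature against the payload bytes alone would drop the type binding.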

Types

type Bytes

type Bytes []byte

Bytes wraps []byte for JSON serialization.

func (*Bytes) UnmarshalJSON

func (b *Bytes) UnmarshalJSON(data []byte) error

UnmarshalJSON accepts either the standard or the URL-safe base64 encoding.

type Envelope

type Envelope struct {
	Payload     Bytes       `json:"payload"`
	PayloadType string      `json:"payloadType"`
	Signatures  []Signature `json:"signatures"`
}

Envelope holds the payload and signatures. Reference: https://github.com/secure-systems-lab/dsse/blob/master/envelope.md

type EnvelopeSigner

type EnvelopeSigner []Signer

EnvelopeSigner is a group of signers.

func NewEnvelopeSigner

func NewEnvelopeSigner(signers ...Signer) EnvelopeSigner

NewEnvelopeSigner wraps signers to be an envelope signer.

func (EnvelopeSigner) Sign

func (s EnvelopeSigner) Sign(payloadType string, payload []byte) (*Envelope, error)

Sign signs the payload with its type. Reference: https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#protocol

type EnvelopeVerifier

type EnvelopeVerifier []Verifier

EnvelopeVerifier is a group of verifiers.

func NewEnvelopeVerifier

func NewEnvelopeVerifier(verifiers ...Verifier) EnvelopeVerifier

NewEnvelopeVerifier wraps verifiers to be an envelope verifier.

func (EnvelopeVerifier) Verify

func (v EnvelopeVerifier) Verify(e *Envelope) ([]Verifier, error)

Verify verifies the envelope. Returns a list of the verifiers that recognize the signature and a nil error. Reference:

type SignVerifier

type SignVerifier interface {
	Signer
	Verifier
}

SignVerifier is not only a verifier but also a signer.

type Signature

type Signature struct {
	KeyID     string `json:"kid,omitempty"`
	Signature Bytes  `json:"sig"`
}

Signature stores a detached signature.

type Signer

type Signer interface {
	// Sign returns the signature of the `message`.
	Sign(message []byte) ([]byte, error)

	// KeyID returns the key ID of the signing key.
	// Empty if not supported.
	KeyID() string
}

Signer signs messages.

type Verifier

type Verifier interface {
	// Verify verifies that the signature is for the message.
	// Return nil if valid.
	Verify(message, signature []byte) error

	// KeyID returns the key ID of the verification key.
	// Empty if not supported.
	KeyID() string
}

Verifier verifies the envelope.
