Documentation
Overview
Package note provides note-compatible signature verifiers and signers.
Index
- func CoSigV1Timestamp(s note.Signature) (time.Time, error)
- func NewECDSAVerifier(key string) (note.Verifier, error)
- func NewRFC6962Verifier(vkey string) (note.Verifier, error)
- func NewVerifier(key string) (note.Verifier, error)
- func NewVerifierForCosignatureV1(vkey string) (note.Verifier, error)
- func RFC6962STHTimestamp(s note.Signature) (time.Time, error)
- func RFC6962STHToCheckpoint(j []byte, v note.Verifier) ([]byte, error)
- func RFC6962VerifierString(logURL string, pubK crypto.PublicKey) (string, error)
- type Signer
Constants
This section is empty.
Variables
This section is empty.
Functions
func CoSigV1Timestamp
CoSigV1Timestamp extracts the embedded timestamp from a CoSigV1 signature.
func NewECDSAVerifier
NewECDSAVerifier creates a new note verifier for checking ECDSA signatures over SHA256 digests. This implementation is compatible with the signature scheme used by the Sigstore Rekor log.
The key is expected to be provided as a string in the following form:
<key_name>+<key_hash>+<key_bytes>
Where:
- <key_name> is a human-readable identifier for the key, containing no whitespace or "+" symbols
- <key_bytes> is a base64-encoded blob starting with a 0x02 (algECDSAWithSHA256) byte and followed by the DER-encoded public key in SPKI format
- <key_hash> is a 32-bit hash of the key DER
e.g.:
"rekor.sigstore.dev+12345678+AjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNhtmPtrWm3U1eQXBogSMdGvXwBcK5AW5i0hrZLOC96l+smGNM7nwZ4QvFK/4sueRoVj//QP22Ni4Qt9DPfkWLc="
func NewRFC6962Verifier
NewRFC6962Verifier creates a note verifier for Sunlight/RFC6962 checkpoint signatures.
func NewVerifier
NewVerifier returns a verifier for the given key, if the key's algorithm is known.
func NewVerifierForCosignatureV1
NewVerifierForCosignatureV1 constructs a new Verifier for timestamped cosignature/v1 signatures from a standard Ed25519 encoded verifier key.
(The returned Verifier has a different key hash from a non-timestamped one, meaning it will differ from the key hash in the input encoding.)
func RFC6962STHTimestamp
RFC6962STHTimestamp extracts the embedded timestamp from a translated RFC6962 STH signature.
func RFC6962STHToCheckpoint
RFC6962STHToCheckpoint converts the provided RFC6962 JSON representation of a CT Signed Tree Head structure to a Sunlight-style signed checkpoint. The passed-in verifier must be an RFC6962 verifier containing the correct details for the log which signed the STH.
Types
type Signer
type Signer struct {
// contains filtered or unexported fields
}
func NewSignerForCosignatureV1
NewSignerForCosignatureV1 constructs a new Signer that produces timestamped cosignature/v1 signatures from a standard Ed25519 encoded signer key.
(The returned Signer has a different key hash from a non-timestamped one, meaning it will differ from the key hash in the input encoding.)
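The `<key_name>+<key_hash>+<key_bytes>` verifier key format described under NewECDSAVerifier, decoded step by step. This is an added example, not the package's own code: parseECDSAVKey is a hypothetical helper, and reading the key hash as hexadecimal is an assumption the page does not state. The hash is parsed but not recomputed, because the page does not name the hash function.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"unicode"
)

// algECDSAWithSHA256 is the leading algorithm byte named in the docs above.
const algECDSAWithSHA256 = 0x02

// pageExampleKey is the docs' example; its "12345678" hash is a placeholder.
const pageExampleKey = "rekor.sigstore.dev+12345678+AjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNhtmPtrWm3U1eQXBogSMdGvXwBcK5AW5i0hrZLOC96l+smGNM7nwZ4QvFK/4sueRoVj//QP22Ni4Qt9DPfkWLc="

// parseECDSAVKey is a hypothetical helper (not part of the package) that
// decodes a <key_name>+<key_hash>+<key_bytes> string into its three parts.
func parseECDSAVKey(vkey string) (string, uint32, *ecdsa.PublicKey, error) {
	// Split at most 3 ways: standard base64 key bytes may contain '+'.
	parts := strings.SplitN(vkey, "+", 3)
	if len(parts) != 3 || parts[0] == "" || strings.IndexFunc(parts[0], unicode.IsSpace) >= 0 {
		return "", 0, nil, fmt.Errorf("want <key_name>+<key_hash>+<key_bytes>, no whitespace in name")
	}
	// Assumption: the 32-bit hash is hex-encoded, as in Go note verifier keys.
	hash, err := strconv.ParseUint(parts[1], 16, 32)
	if err != nil {
		return "", 0, nil, fmt.Errorf("key hash: %w", err)
	}
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil {
		return "", 0, nil, fmt.Errorf("key bytes: %w", err)
	}
	if len(raw) < 2 || raw[0] != algECDSAWithSHA256 {
		return "", 0, nil, fmt.Errorf("key bytes do not start with 0x02")
	}
	pub, err := x509.ParsePKIXPublicKey(raw[1:]) // remainder is DER-encoded SPKI
	ec, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return "", 0, nil, fmt.Errorf("key bytes are not an ECDSA SPKI key (parse error: %v)", err)
	}
	return parts[0], uint32(hash), ec, nil
}

func main() {
	name, hash, pub, err := parseECDSAVKey(pageExampleKey)
	fmt.Printf("name=%s hash=%08x ecdsa=%t err=%v\n", name, hash, pub != nil, err)
}
```

The page's example key has a "+" inside its base64 part, which is why the split is capped at three fields.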