package signerverifier
import "github.com/secure-systems-lab/go-securesystemslib/signerverifier"
Index ¶
- Constants
- Variables
- type ECDSASignerVerifier
- func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, error)
- func (sv *ECDSASignerVerifier) KeyID() (string, error)
- func (sv *ECDSASignerVerifier) Public() crypto.PublicKey
- func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)
- func (sv *ECDSASignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error
- type ED25519SignerVerifier
- func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier, error)
- func (sv *ED25519SignerVerifier) KeyID() (string, error)
- func (sv *ED25519SignerVerifier) Public() crypto.PublicKey
- func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)
- func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error
- type KeyVal
- type RSAPSSSignerVerifier
- func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier, error)
- func (sv *RSAPSSSignerVerifier) KeyID() (string, error)
- func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey
- func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error)
- func (sv *RSAPSSSignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error
- type SSLibKey
- func LoadECDSAKeyFromFile(path string) (*SSLibKey, error)
- func LoadED25519KeyFromFile(path string) (*SSLibKey, error)
- func LoadKey(keyBytes []byte) (*SSLibKey, error)
- func LoadKeyFromSSLibBytes(contents []byte) (*SSLibKey, error)
- func LoadRSAPSSKeyFromBytes(contents []byte) (*SSLibKey, error)
- func LoadRSAPSSKeyFromFile(path string) (*SSLibKey, error)
Constants ¶
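// Key type and signature scheme identifiers for ECDSA keys.
const (
	ECDSAKeyType = "ecdsa"
	// ECDSAKeyScheme spells out the scheme in its value: ECDSA with a SHA-2
	// digest over the NIST P-256 curve.
	ECDSAKeyScheme = "ecdsa-sha2-nistp256"
)

// Key type, signature scheme and PEM block label for RSA keys.
const (
	RSAKeyType   = "rsa"
	RSAKeyScheme = "rsassa-pss-sha256"
	// RSAPrivateKeyPEM is the standard PEM label for a PKCS #1 RSA private key.
	RSAPrivateKeyPEM = "RSA PRIVATE KEY"
)

// Generic PEM block labels: "PUBLIC KEY" is the standard label for a PKIX
// (SubjectPublicKeyInfo) public key and "PRIVATE KEY" for a PKCS #8 private
// key.
const (
	PublicKeyPEM  = "PUBLIC KEY"
	PrivateKeyPEM = "PRIVATE KEY"
)

// ED25519KeyType is the key type identifier for ED25519 keys.
const ED25519KeyType = "ed25519"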
Variables ¶
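// Sentinel errors exported by the package. They are plain errors.New values,
// so callers can match them with errors.Is.
var (
	ErrNotPrivateKey               = errors.New("loaded key is not a private key")
	ErrSignatureVerificationFailed = errors.New("failed to verify signature")
	ErrUnknownKeyType              = errors.New("unknown key type")
	ErrInvalidThreshold            = errors.New("threshold is either less than 1 or greater than number of provided public keys")
	ErrInvalidKey                  = errors.New("key object has no value")
	ErrInvalidPEM                  = errors.New("unable to parse PEM block")
)

var (
	// ErrNoPEMBlock gets triggered when there is no PEM block in the provided file
	ErrNoPEMBlock = errors.New("failed to decode the data as PEM block (are you sure this is a pem file?)")
	// ErrFailedPEMParsing gets returned when PKCS1, PKCS8 or PKIX key parsing fails
	ErrFailedPEMParsing = errors.New("failed parsing the PEM block: unsupported PEM type")
)

// KeyIDHashAlgorithms lists the hash algorithm names "sha256" and "sha512".
// It is an exported, mutable slice, so any importing package can change it in
// place; treat it as read-only and copy it before modifying.
// NOTE(review): presumably the default for SSLibKey.KeyIDHashAlgorithms; confirm.
var KeyIDHashAlgorithms = []string{"sha256", "sha512"}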
Types ¶
type ECDSASignerVerifier ¶
// ECDSASignerVerifier signs and verifies data using an ECDSA key. All of its
// fields are unexported; this page lists NewECDSASignerVerifierFromSSLibKey as
// its constructor.
type ECDSASignerVerifier struct {
	// contains filtered or unexported fields
}
ECDSASignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using ECDSA keys.
func NewECDSASignerVerifierFromSSLibKey ¶
func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, error)
NewECDSASignerVerifierFromSSLibKey creates an ECDSASignerVerifier from an SSLibKey.
func (*ECDSASignerVerifier) KeyID ¶
func (sv *ECDSASignerVerifier) KeyID() (string, error)
KeyID returns the identifier of the key used to create the ECDSASignerVerifier instance.
func (*ECDSASignerVerifier) Public ¶
func (sv *ECDSASignerVerifier) Public() crypto.PublicKey
Public returns the public portion of the key used to create the ECDSASignerVerifier instance.
func (*ECDSASignerVerifier) Sign ¶
Sign creates a signature for `data`.
func (*ECDSASignerVerifier) Verify ¶
Verify verifies the `sig` value passed in against `data`.
type ED25519SignerVerifier ¶
// ED25519SignerVerifier signs and verifies data using an ED25519 key. All of
// its fields are unexported; this page lists
// NewED25519SignerVerifierFromSSLibKey as its constructor.
type ED25519SignerVerifier struct {
	// contains filtered or unexported fields
}
ED25519SignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using ED25519 keys.
func NewED25519SignerVerifierFromSSLibKey ¶
func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier, error)
NewED25519SignerVerifierFromSSLibKey creates an ED25519SignerVerifier from an SSLibKey.
func (*ED25519SignerVerifier) KeyID ¶
func (sv *ED25519SignerVerifier) KeyID() (string, error)
KeyID returns the identifier of the key used to create the ED25519SignerVerifier instance.
func (*ED25519SignerVerifier) Public ¶
func (sv *ED25519SignerVerifier) Public() crypto.PublicKey
Public returns the public portion of the key used to create the ED25519SignerVerifier instance.
func (*ED25519SignerVerifier) Sign ¶
Sign creates a signature for `data`.
func (*ED25519SignerVerifier) Verify ¶
Verify verifies the `sig` value passed in against `data`.
type KeyVal ¶
// KeyVal is the value stored in SSLibKey.KeyVal. Every field carries the
// omitempty tag, so empty strings are left out of the JSON encoding.
type KeyVal struct {
	// Private is written under the "private" key whenever it is non-empty, so
	// marshalling a KeyVal that has it set puts its contents in the output.
	// NOTE(review): presumably the private key material; clear it before
	// serialising a key that is meant to be shared.
	Private string `json:"private,omitempty"`

	Public      string `json:"public,omitempty"`
	Certificate string `json:"certificate,omitempty"`
	Identity    string `json:"identity,omitempty"`
	Issuer      string `json:"issuer,omitempty"`
}
type RSAPSSSignerVerifier ¶
// RSAPSSSignerVerifier signs and verifies data using an RSA key following the
// RSA-PSS scheme. All of its fields are unexported; this page lists
// NewRSAPSSSignerVerifierFromSSLibKey as its constructor.
type RSAPSSSignerVerifier struct {
	// contains filtered or unexported fields
}
RSAPSSSignerVerifier is a dsse.SignerVerifier compliant interface to sign and verify signatures using RSA keys following the RSA-PSS scheme.
func NewRSAPSSSignerVerifierFromSSLibKey ¶
func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier, error)
NewRSAPSSSignerVerifierFromSSLibKey creates an RSAPSSSignerVerifier from an SSLibKey.
func (*RSAPSSSignerVerifier) KeyID ¶
func (sv *RSAPSSSignerVerifier) KeyID() (string, error)
KeyID returns the identifier of the key used to create the RSAPSSSignerVerifier instance.
func (*RSAPSSSignerVerifier) Public ¶
func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey
Public returns the public portion of the key used to create the RSAPSSSignerVerifier instance.
func (*RSAPSSSignerVerifier) Sign ¶
Sign creates a signature for `data`.
func (*RSAPSSSignerVerifier) Verify ¶
Verify verifies the `sig` value passed in against `data`.
type SSLibKey ¶
// SSLibKey is the key record returned by the Load* functions and accepted by
// the New*SignerVerifierFromSSLibKey constructors. None of its fields use
// omitempty, so all five JSON keys are always emitted.
type SSLibKey struct {
	KeyIDHashAlgorithms []string `json:"keyid_hash_algorithms"`
	KeyType             string   `json:"keytype"`
	// KeyVal is embedded by value under "keyval". Its Private field is
	// serialised whenever it is non-empty, so marshalling an SSLibKey with
	// that field set writes it into the output.
	KeyVal KeyVal `json:"keyval"`
	Scheme string `json:"scheme"`
	KeyID  string `json:"keyid"`
}
func LoadECDSAKeyFromFile ¶
LoadECDSAKeyFromFile returns an SSLibKey instance for an ECDSA key stored in a file in the custom securesystemslib format.
Deprecated: use LoadKey(), which takes the PEM encoded key bytes rather than a file path. The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.
func LoadED25519KeyFromFile ¶
LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored in a file in the custom securesystemslib format.
Deprecated: use LoadKey(), which takes the PEM encoded key bytes rather than a file path. The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.
func LoadKey ¶
LoadKey returns an SSLibKey object when provided a PEM encoded key. Currently, RSA, ED25519, and ECDSA keys are supported.
func LoadKeyFromSSLibBytes ¶
LoadKeyFromSSLibBytes returns a pointer to an SSLibKey instance created from the contents of the bytes. The key contents are expected to be in the custom securesystemslib format.
Deprecated: use LoadKey() for all key types, RSA is no longer the only key that uses PEM serialization.
func LoadRSAPSSKeyFromBytes ¶
LoadRSAPSSKeyFromBytes returns an SSLibKey instance holding the key data for the RSA key in `contents`. The byte slice must contain a PEM encoded RSA key; PEM encoding is required.
Deprecated: use LoadKey() for all key types, RSA is no longer the only key that uses PEM serialization.
func LoadRSAPSSKeyFromFile ¶
LoadRSAPSSKeyFromFile returns an SSLibKey instance for an RSA key stored in a file.
Deprecated: use LoadKey(), which takes the PEM encoded key bytes rather than a file path. The custom serialization format has been deprecated. Use https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py to convert your key.
Source Files ¶
ecdsa.go ed25519.go rsa.go signerverifier.go utils.go
- Version
- v0.9.0 (latest)
- Published
- Dec 12, 2024