Class: Google::Apis::ContaineranalysisV1alpha1::PgpSignedAttestation
- Inherits:
-
Object
- Object
- Google::Apis::ContaineranalysisV1alpha1::PgpSignedAttestation
- Defined in:
- generated/google/apis/containeranalysis_v1alpha1/classes.rb,
generated/google/apis/containeranalysis_v1alpha1/representations.rb,
generated/google/apis/containeranalysis_v1alpha1/representations.rb
Overview
An attestation wrapper with a PGP-compatible signature.
This message only supports ATTACHED
signatures, where the payload that is
signed is included alongside the signature itself in the same file.
Instance Attribute Summary collapse
-
#content_type ⇒ String
Type (for example schema) of the attestation payload that was signed.
-
#pgp_key_id ⇒ String
The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
-
#signature ⇒ String
The raw content of the signature, as output by GNU Privacy Guard (GPG) or equivalent.
Instance Method Summary collapse
-
#initialize(**args) ⇒ PgpSignedAttestation
constructor
A new instance of PgpSignedAttestation.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Google::Apis::Core::JsonObjectSupport
Methods included from Google::Apis::Core::Hashable
Constructor Details
#initialize(**args) ⇒ PgpSignedAttestation
Returns a new instance of PgpSignedAttestation
1920 1921 1922 |
# File 'generated/google/apis/containeranalysis_v1alpha1/classes.rb', line 1920 def initialize(**args) update!(**args) end |
Instance Attribute Details
#content_type ⇒ String
Type (for example schema) of the attestation payload that was signed.
The verifier must ensure that the provided type is one that the verifier
supports, and that the attestation payload is a valid instantiation of that
type (for example by validating a JSON schema).
Corresponds to the JSON property contentType
1885 1886 1887 |
# File 'generated/google/apis/containeranalysis_v1alpha1/classes.rb', line 1885 def content_type @content_type end |
#pgp_key_id ⇒ String
The cryptographic fingerprint of the key used to generate the signature,
as output by, e.g. gpg --list-keys
. This should be the version 4, full
160-bit fingerprint, expressed as a 40 character hexadecimal string. See
https://tools.ietf.org/html/rfc4880#section-12.2 for details.
Implementations may choose to acknowledge "LONG", "SHORT", or other
abbreviated key IDs, but only the full fingerprint is guaranteed to work.
In gpg, the full fingerprint can be retrieved from the fpr
field
returned when calling --list-keys with --with-colons. For example:
gpg --with-colons --with-fingerprint --force-v4-certs \
--list-keys attester@example.com
tru::1:1513631572:0:3:1:5
pub:...<SNIP>...
fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
Above, the fingerprint is 24FF6481B76AC91E66A00AC657A93A81EF3AE6FB
.
Corresponds to the JSON property pgpKeyId
1905 1906 1907 |
# File 'generated/google/apis/containeranalysis_v1alpha1/classes.rb', line 1905 def pgp_key_id @pgp_key_id end |
#signature ⇒ String
The raw content of the signature, as output by GNU Privacy Guard (GPG) or
equivalent. Since this message only supports attached signatures, the
payload that was signed must be attached. While the signature format
supported is dependent on the verification implementation, currently only
ASCII-armored (--armor
to gpg), non-clearsigned (--sign
rather than
--clearsign
to gpg) are supported. Concretely, gpg --sign --armor
--output=signature.gpg payload.json
will create the signature content
expected in this field in signature.gpg
for the payload.json
attestation payload.
Corresponds to the JSON property signature
1918 1919 1920 |
# File 'generated/google/apis/containeranalysis_v1alpha1/classes.rb', line 1918 def signature @signature end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1925 1926 1927 1928 1929 |
# File 'generated/google/apis/containeranalysis_v1alpha1/classes.rb', line 1925 def update!(**args) @content_type = args[:content_type] if args.key?(:content_type) @pgp_key_id = args[:pgp_key_id] if args.key?(:pgp_key_id) @signature = args[:signature] if args.key?(:signature) end |