Class: Google::Apis::ContaineranalysisV1beta1::Signature
- Inherits:
-
Object
- Object
- Google::Apis::ContaineranalysisV1beta1::Signature
- Defined in:
- generated/google/apis/containeranalysis_v1beta1/classes.rb,
generated/google/apis/containeranalysis_v1beta1/representations.rb,
generated/google/apis/containeranalysis_v1beta1/representations.rb
Overview
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_id
is not recognized by the verifier. - The public key that
public_key_id
refers to does not verify the signature with respect to the payload. Thesignature
contents SHOULD NOT be "attached" (where the payload is included with the serializedsignature
bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. apayload
field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).
Instance Attribute Summary collapse
-
#public_key_id ⇒ String
The identifier for the public key that verifies this signature.
-
#signature ⇒ String
The content of the signature, an opaque bytestring.
Instance Method Summary collapse
-
#initialize(**args) ⇒ Signature
constructor
A new instance of Signature.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Google::Apis::Core::JsonObjectSupport
Methods included from Google::Apis::Core::Hashable
Constructor Details
#initialize(**args) ⇒ Signature
Returns a new instance of Signature.
2579 2580 2581 |
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2579 def initialize(**args) update!(**args) end |
Instance Attribute Details
#public_key_id ⇒ String
The identifier for the public key that verifies this signature.
- The
public_key_id
is required. - The
public_key_id
MUST be an RFC3986 conformant URI. - When possible, the
public_key_id
SHOULD be an immutable reference, such as a cryptographic digest. Examples of validpublic_key_id
s: OpenPGP V4 public key fingerprint: - "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
- "nih:///sha-256;
703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
Corresponds to the JSON property
publicKeyId
2566 2567 2568 |
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2566 def public_key_id @public_key_id end |
#signature ⇒ String
The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be unambiguously provided
with the Signature during verification. A wrapper message might provide
the payload explicitly. Alternatively, a message might have a canonical
serialization that can always be unambiguously computed to derive the
payload.
Corresponds to the JSON property signature
NOTE: Values are automatically base64 encoded/decoded in the client library.
2577 2578 2579 |
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2577 def signature @signature end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
2584 2585 2586 2587 |
# File 'generated/google/apis/containeranalysis_v1beta1/classes.rb', line 2584 def update!(**args) @public_key_id = args[:public_key_id] if args.key?(:public_key_id) @signature = args[:signature] if args.key?(:signature) end |