Struct google_api_proto::grafeas::v1beta1::Signature
source · pub struct Signature {
pub signature: Bytes,
pub public_key_id: String,
}
Expand description
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id
to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id
as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
- The
public_key_id
is not recognized by the verifier. - The public key that
public_key_id
refers to does not verify the signature with respect to the payload.
The signature
contents SHOULD NOT be “attached” (where the payload is
included with the serialized signature
bytes). Verifiers MUST ignore any
“attached” payload and only verify signatures with respect to explicitly
provided payload (e.g. a payload
field on the proto message that holds
this Signature, or the canonical serialization of the proto message that
holds this signature).
Fields§
§signature: Bytes
The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
public_key_id: String
The identifier for the public key that verifies this signature.
- The
public_key_id
is required. - The
public_key_id
MUST be an RFC3986 conformant URI. - When possible, the
public_key_id
SHOULD be an immutable reference, such as a cryptographic digest.
Examples of valid public_key_id
s:
OpenPGP V4 public key fingerprint:
- “openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA” See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
- “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”
- “nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5”
Trait Implementations§
source§impl Message for Signature
impl Message for Signature
source§fn encoded_len(&self) -> usize
fn encoded_len(&self) -> usize
source§fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>where
Self: Sized,
fn encode(&self, buf: &mut impl BufMut) -> Result<(), EncodeError>where
Self: Sized,
source§fn encode_to_vec(&self) -> Vec<u8>where
Self: Sized,
fn encode_to_vec(&self) -> Vec<u8>where
Self: Sized,
source§fn encode_length_delimited(
&self,
buf: &mut impl BufMut,
) -> Result<(), EncodeError>where
Self: Sized,
fn encode_length_delimited(
&self,
buf: &mut impl BufMut,
) -> Result<(), EncodeError>where
Self: Sized,
source§fn encode_length_delimited_to_vec(&self) -> Vec<u8>where
Self: Sized,
fn encode_length_delimited_to_vec(&self) -> Vec<u8>where
Self: Sized,
source§fn decode(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
fn decode(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
source§fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
fn decode_length_delimited(buf: impl Buf) -> Result<Self, DecodeError>where
Self: Default,
source§fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
fn merge(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
self
. Read moresource§fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
fn merge_length_delimited(&mut self, buf: impl Buf) -> Result<(), DecodeError>where
Self: Sized,
self
.source§impl PartialEq for Signature
impl PartialEq for Signature
impl StructuralPartialEq for Signature
Auto Trait Implementations§
impl !Freeze for Signature
impl RefUnwindSafe for Signature
impl Send for Signature
impl Sync for Signature
impl Unpin for Signature
impl UnwindSafe for Signature
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T
in a tonic::Request