Struct gapi_grpc::grafeas::v1beta1::Signature

pub struct Signature {
    pub signature: Vec<u8>,
    pub public_key_id: String,
}

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from public_key_id to public key material (and any required parameters, e.g. signing algorithm).

In particular, verification implementations MUST NOT treat the signature public_key_id as anything more than a key lookup hint. The public_key_id DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:

• The public_key_id is not recognized by the verifier.
• The public key that public_key_id refers to does not verify the signature with respect to the payload.

The signature contents SHOULD NOT be “attached” (where the payload is included with the serialized signature bytes). Verifiers MUST ignore any “attached” payload and only verify signatures with respect to explicitly provided payload (e.g. a payload field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

Fields

signature: Vec<u8>

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

public_key_id: String

The identifier for the public key that verifies this signature.

• The public_key_id is required.
• The public_key_id MUST be an RFC3986 conformant URI.
• When possible, the public_key_id SHOULD be an immutable reference, such as a cryptographic digest.

Examples of valid public_key_ids:

OpenPGP V4 public key fingerprint:

• “openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA” See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.

RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):

• “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”
• “nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5”

Trait Implementations

impl Clone for Signature

fn clone(&self) -> Signature

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Signature

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Signature

fn default() -> Signature

Returns the “default value” for a type.

impl Message for Signature

fn encode_raw<B>(&self, buf: &mut B) where
    B: BufMut, 

fn merge_field<B>(
    &mut self,
    tag: u32,
    wire_type: WireType,
    buf: &mut B,
    ctx: DecodeContext
) -> Result<(), DecodeError> where
    B: Buf, 

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

pub fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message to a buffer.

pub fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message with a length-delimiter to a buffer.

pub fn decode<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes an instance of the message from a buffer.

pub fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes a length-delimited instance of the message from the buffer.

pub fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes an instance of the message from a buffer, and merges it into self.

pub fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq<Signature> for Signature

fn eq(&self, other: &Signature) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Signature) -> bool

This method tests for !=.

impl StructuralPartialEq for Signature