Package io.grafeas.v1beta1.attestation

Interface PgpSignedAttestationOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    PgpSignedAttestation, PgpSignedAttestation.Builder
    public interface PgpSignedAttestationOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      PgpSignedAttestation.ContentType getContentType()
      Type (for example schema) of the attestation payload that was signed.
      int getContentTypeValue()
      Type (for example schema) of the attestation payload that was signed.
      PgpSignedAttestation.KeyIdCase getKeyIdCase()  
      String getPgpKeyId()
      The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
      com.google.protobuf.ByteString getPgpKeyIdBytes()
      The cryptographic fingerprint of the key used to generate the signature, as output by, e.g.
      String getSignature()
      Required.
      com.google.protobuf.ByteString getSignatureBytes()
      Required.

      • Methods inherited from interface com.google.protobuf.MessageLiteOrBuilder

        isInitialized

      • Methods inherited from interface com.google.protobuf.MessageOrBuilder

        findInitializationErrors, getAllFields, getDefaultInstanceForType, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

    • Method Detail

      • getSignature

        String getSignature()
         Required. The raw content of the signature, as output by GNU Privacy Guard
 (GPG) or equivalent. Since this message only supports attached signatures,
 the payload that was signed must be attached. While the signature format
 supported is dependent on the verification implementation, currently only
 ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
 `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
 --output=signature.gpg payload.json` will create the signature content
 expected in this field in `signature.gpg` for the `payload.json`
 attestation payload.
        string signature = 1;
        Returns:
        The signature.

      • getSignatureBytes

        com.google.protobuf.ByteString getSignatureBytes()
         Required. The raw content of the signature, as output by GNU Privacy Guard
 (GPG) or equivalent. Since this message only supports attached signatures,
 the payload that was signed must be attached. While the signature format
 supported is dependent on the verification implementation, currently only
 ASCII-armored (`--armor` to gpg), non-clearsigned (`--sign` rather than
 `--clearsign` to gpg) are supported. Concretely, `gpg --sign --armor
 --output=signature.gpg payload.json` will create the signature content
 expected in this field in `signature.gpg` for the `payload.json`
 attestation payload.
        string signature = 1;
        Returns:
        The bytes for signature.

      • getContentTypeValue

        int getContentTypeValue()
         Type (for example schema) of the attestation payload that was signed.
 The verifier must ensure that the provided type is one that the verifier
 supports, and that the attestation payload is a valid instantiation of that
 type (for example by validating a JSON schema).
        .grafeas.v1beta1.attestation.PgpSignedAttestation.ContentType content_type = 3;
        Returns:
        The enum numeric value on the wire for contentType.

      • getContentType

        PgpSignedAttestation.ContentType getContentType()
         Type (for example schema) of the attestation payload that was signed.
 The verifier must ensure that the provided type is one that the verifier
 supports, and that the attestation payload is a valid instantiation of that
 type (for example by validating a JSON schema).
        .grafeas.v1beta1.attestation.PgpSignedAttestation.ContentType content_type = 3;
        Returns:
        The contentType.

      • getPgpKeyId

        String getPgpKeyId()
         The cryptographic fingerprint of the key used to generate the signature,
 as output by, e.g. `gpg --list-keys`. This should be the version 4, full
 160-bit fingerprint, expressed as a 40 character hexidecimal string. See
 https://tools.ietf.org/html/rfc4880#section-12.2 for details.
 Implementations may choose to acknowledge "LONG", "SHORT", or other
 abbreviated key IDs, but only the full fingerprint is guaranteed to work.
 In gpg, the full fingerprint can be retrieved from the `fpr` field
 returned when calling --list-keys with --with-colons.  For example:
 ```
 gpg --with-colons --with-fingerprint --force-v4-certs \
     --list-keys attester@example.com
 tru::1:1513631572:0:3:1:5
 pub:...<SNIP>...
 fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
 ```
 Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
        string pgp_key_id = 2;
        Returns:
        The pgpKeyId.

      • getPgpKeyIdBytes

        com.google.protobuf.ByteString getPgpKeyIdBytes()
         The cryptographic fingerprint of the key used to generate the signature,
 as output by, e.g. `gpg --list-keys`. This should be the version 4, full
 160-bit fingerprint, expressed as a 40 character hexidecimal string. See
 https://tools.ietf.org/html/rfc4880#section-12.2 for details.
 Implementations may choose to acknowledge "LONG", "SHORT", or other
 abbreviated key IDs, but only the full fingerprint is guaranteed to work.
 In gpg, the full fingerprint can be retrieved from the `fpr` field
 returned when calling --list-keys with --with-colons.  For example:
 ```
 gpg --with-colons --with-fingerprint --force-v4-certs \
     --list-keys attester@example.com
 tru::1:1513631572:0:3:1:5
 pub:...<SNIP>...
 fpr:::::::::24FF6481B76AC91E66A00AC657A93A81EF3AE6FB:
 ```
 Above, the fingerprint is `24FF6481B76AC91E66A00AC657A93A81EF3AE6FB`.
        string pgp_key_id = 2;
        Returns:
        The bytes for pgpKeyId.