View Source GoogleApi.ContainerAnalysis.V1alpha1.Model.BuildSignature (google_api_container_analysis v0.28.0)
Message encapsulating the signature of the verified build.
Attributes
-
keyId
(type:String.t
, default:nil
) - An Id for the key used to sign. This could be either an Id for the key stored inpublic_key
(such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service). -
keyType
(type:String.t
, default:nil
) - The type of the key, either stored inpublic_key
or referenced inkey_id
-
publicKey
(type:String.t
, default:nil
) - Public key of the builder which can be used to verify that the related findings are valid and unchanged. Ifkey_type
is empty, this defaults to PEM encoded public keys. This field may be empty ifkey_id
references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes fromBuildDetails
are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature:openssl sha256 -verify public.pem -signature signature.bin signed.bin
-
signature
(type:String.t
, default:nil
) - Signature of the relatedBuildProvenance
, encoded in a base64 string.
Summary
Functions
Unwrap a decoded JSON object into its complex fields.
Types
Functions
Unwrap a decoded JSON object into its complex fields.