View Source GoogleApi.ContainerAnalysis.V1beta1.Model.BuildSignature (google_api_container_analysis v0.25.0)

Message encapsulating the signature of the verified build.


  • keyId (type: String.t, default: nil) - An ID for the key used to sign. This could be either an ID for the key stored in public_key (such as the ID or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).
  • keyType (type: String.t, default: nil) - The type of the key, either stored in public_key or referenced in key_id.
  • publicKey (type: String.t, default: nil) - Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin
  • signature (type: String.t, default: nil) - Required. Signature of the related BuildProvenance. In JSON, this is base-64 encoded.

Link to this section Summary


Unwrap a decoded JSON object into its complex fields.

Link to this section Types


t() :: %GoogleApi.ContainerAnalysis.V1beta1.Model.BuildSignature{
  keyId: String.t() | nil,
  keyType: String.t() | nil,
  publicKey: String.t() | nil,
  signature: String.t() | nil

Link to this section Functions


decode(struct(), keyword()) :: struct()

Unwrap a decoded JSON object into its complex fields.