Package: golang-github-sigstore-sigstore-go-dev (0.7.1-2)
Links for golang-github-sigstore-sigstore-go-dev
Debian Resources:
Download Source Package sigstore-go:
Maintainers:
External Resources:
- Homepage [github.com]
Similar packages:
Sigstore signing and verification (Go library)
A client library for Sigstore (https://www.sigstore.dev/), written in Go. Features:
* Signing and verification of Sigstore bundles (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_bundle.proto) compliant with Sigstore Client Spec * Verification of raw Sigstore signatures by creating bundles for them (see conformance tests (/cmd/conformance/main.go) for example) * Signing and verifying with a Timestamp Authority (TSA) * Signing and verifying (offline or online) with Rekor (Artifact Transparency Log) * Structured verification results including certificate metadata * TUF support * Verification support for custom trusted root (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_trustroot.proto) * Basic CLI and examples
For an example of how to use this library, see the verification documentation (/docs/verification.md), the CLI cmd/sigstore-go (/cmd/sigstore-go/main.go). Note that the CLI is to demonstrate how to use the library, and not intended as a fully- featured Sigstore CLI like cosign (https://github.com/sigstore/cosign).
Background
Sigstore already has a canonical Go client implementation, cosign (https://github.com/sigstore/cosign), which was developed with a focus on container image signing/verification. It has a rich CLI and a long legacy of features and development. sigstore-go is a more minimal and friendly API for integrating Go code with Sigstore, with a focus on the newly specified data structures in sigstore/protobuf-specs (https://github.com/sigstore/protobuf-specs). sigstore-go attempts to minimize the dependency tree for simple signing and verification tasks, omitting KMS support and container image verification.
This package contains the Go library.
Other Packages Related to golang-github-sigstore-sigstore-go-dev
|
|
|
|
-
- dep: golang-github-digitorus-pkcs7-dev
- Go PKCS#7/CMS library
-
- dep: golang-github-digitorus-timestamp-dev
- Time-Stamp Protocol (TSP/RFC3161) Go library
-
- dep: golang-github-go-openapi-runtime-dev
- OpenAPI runtime interfaces
-
- dep: golang-github-go-openapi-strfmt-dev
- OpenAPI string formatting library
-
- dep: golang-github-go-openapi-swag-dev
- goodie bag in use in the go-openapi projects
-
- dep: golang-github-google-certificate-transparency-dev
- Framework for monitoring and auditing SSL certificates
-
- dep: golang-github-in-toto-attestation-dev
- in-toto Attestation Framework (Go library)
-
- dep: golang-github-in-toto-in-toto-golang-dev
- software supply chain integrity framework in-toto for Go (library)
-
- dep: golang-github-secure-systems-lab-go-securesystemslib-dev
- Cryptographic routines for Golang Secure Systems Lab projects at NYU (library)
-
- dep: golang-github-sigstore-protobuf-specs-dev (>> 0.4.1~)
- Sigstore Protocol Buffer code (library)
-
- dep: golang-github-sigstore-rekor-dev (>> 1.3.6-2~)
- Software Supply Chain Transparency Log (library)
-
- dep: golang-github-sigstore-sigstore-dev (>> 1.8.10-2~)
- Common go library shared across sigstore services and clients (library)
-
- dep: golang-github-sigstore-timestamp-authority-dev
- Sigstore RFC3161 Timestamp Authority (Go library)
-
- dep: golang-github-stretchr-testify-dev
- sacred extension to the standard Go testing package
-
- dep: golang-github-theupdateframework-go-tuf-dev (>> 2.0.2~)
- Securing software in golang (library)
-
- dep: golang-golang-x-crypto-dev
- Supplementary Go cryptography libraries
-
- dep: golang-golang-x-mod-dev
- Go module mechanics libraries
-
- dep: golang-google-protobuf-dev
- Go support for protocol buffers (APIv2)
Download golang-github-sigstore-sigstore-go-dev
| Architecture | Package Size | Installed Size | Files |
|---|---|---|---|
| all | 104.4 kB | 607.0 kB | [list of files] |