Class: Google::Cloud::BinaryAuthorization::V1::PkixPublicKey

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/binaryauthorization/v1/resources.rb

Overview

A public key in the PkixPublicKey format. Public keys of this type are typically textually encoded using the PEM format.

Defined Under Namespace

Modules: SignatureAlgorithm

Instance Attribute Summary collapse

Instance Attribute Details

#key_id::String

Returns Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them. The ID must match exactly contents of the key_id field exactly.

The ID may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key.

If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either match that value exactly, or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.

Returns:

  • (::String)

    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them. The ID must match exactly contents of the key_id field exactly.

    The ID may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key.

    If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either match that value exactly, or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311

class PkixPublicKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represents a signature algorithm and other information necessary to verify
  # signatures with a given public key.
  # This is based primarily on the public key types supported by Tink's
  # PemKeyType, which is in turn based on KMS's supported signing
  # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future,
  # Binary Authorization might support additional public key types
  # independently of Tink and/or KMS.
  module SignatureAlgorithm
    # Not specified.
    SIGNATURE_ALGORITHM_UNSPECIFIED = 0

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_PSS_2048_SHA256 = 1

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_SIGN_PSS_2048_SHA256 = 1

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_PSS_3072_SHA256 = 2

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_SIGN_PSS_3072_SHA256 = 2

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_SIGN_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_PSS_4096_SHA512 = 4

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_SIGN_PSS_4096_SHA512 = 4

    # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_2048_SHA256 = 5

    # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_3072_SHA256 = 6

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_4096_SHA256 = 7

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    RSA_SIGN_PKCS1_4096_SHA512 = 8

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    ECDSA_P256_SHA256 = 9

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    EC_SIGN_P256_SHA256 = 9

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    ECDSA_P384_SHA384 = 10

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    EC_SIGN_P384_SHA384 = 10

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    ECDSA_P521_SHA512 = 11

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    EC_SIGN_P521_SHA512 = 11

    # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
    ML_DSA_65 = 13
  end
end

#public_key_pem::String

Returns A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13.

Returns:



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311

class PkixPublicKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represents a signature algorithm and other information necessary to verify
  # signatures with a given public key.
  # This is based primarily on the public key types supported by Tink's
  # PemKeyType, which is in turn based on KMS's supported signing
  # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future,
  # Binary Authorization might support additional public key types
  # independently of Tink and/or KMS.
  module SignatureAlgorithm
    # Not specified.
    SIGNATURE_ALGORITHM_UNSPECIFIED = 0

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_PSS_2048_SHA256 = 1

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_SIGN_PSS_2048_SHA256 = 1

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_PSS_3072_SHA256 = 2

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_SIGN_PSS_3072_SHA256 = 2

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_SIGN_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_PSS_4096_SHA512 = 4

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_SIGN_PSS_4096_SHA512 = 4

    # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_2048_SHA256 = 5

    # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_3072_SHA256 = 6

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_4096_SHA256 = 7

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    RSA_SIGN_PKCS1_4096_SHA512 = 8

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    ECDSA_P256_SHA256 = 9

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    EC_SIGN_P256_SHA256 = 9

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    ECDSA_P384_SHA384 = 10

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    EC_SIGN_P384_SHA384 = 10

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    ECDSA_P521_SHA512 = 11

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    EC_SIGN_P521_SHA512 = 11

    # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
    ML_DSA_65 = 13
  end
end

#signature_algorithm::Google::Cloud::BinaryAuthorization::V1::PkixPublicKey::SignatureAlgorithm

Returns The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

Returns:



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311

class PkixPublicKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Represents a signature algorithm and other information necessary to verify
  # signatures with a given public key.
  # This is based primarily on the public key types supported by Tink's
  # PemKeyType, which is in turn based on KMS's supported signing
  # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future,
  # Binary Authorization might support additional public key types
  # independently of Tink and/or KMS.
  module SignatureAlgorithm
    # Not specified.
    SIGNATURE_ALGORITHM_UNSPECIFIED = 0

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_PSS_2048_SHA256 = 1

    # RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_SIGN_PSS_2048_SHA256 = 1

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_PSS_3072_SHA256 = 2

    # RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_SIGN_PSS_3072_SHA256 = 2

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_SIGN_PSS_4096_SHA256 = 3

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_PSS_4096_SHA512 = 4

    # RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_SIGN_PSS_4096_SHA512 = 4

    # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_2048_SHA256 = 5

    # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_3072_SHA256 = 6

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RSA_SIGN_PKCS1_4096_SHA256 = 7

    # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    RSA_SIGN_PKCS1_4096_SHA512 = 8

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    ECDSA_P256_SHA256 = 9

    # ECDSA on the NIST P-256 curve with a SHA256 digest.
    EC_SIGN_P256_SHA256 = 9

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    ECDSA_P384_SHA384 = 10

    # ECDSA on the NIST P-384 curve with a SHA384 digest.
    EC_SIGN_P384_SHA384 = 10

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    ECDSA_P521_SHA512 = 11

    # ECDSA on the NIST P-521 curve with a SHA512 digest.
    EC_SIGN_P521_SHA512 = 11

    # ML-DSA-65 Post-Quantum Cryptography signature algorithm.
    ML_DSA_65 = 13
  end
end