Class: Google::Cloud::BinaryAuthorization::V1::PkixPublicKey
- Inherits:
-
Object
- Object
- Google::Cloud::BinaryAuthorization::V1::PkixPublicKey
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/binaryauthorization/v1/resources.rb
Overview
A public key in the PkixPublicKey format. Public keys of this type are typically textually encoded using the PEM format.
Defined Under Namespace
Modules: SignatureAlgorithm
Instance Attribute Summary collapse
-
#key_id ⇒ ::String
Optional.
-
#public_key_pem ⇒ ::String
A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13.
-
#signature_algorithm ⇒ ::Google::Cloud::BinaryAuthorization::V1::PkixPublicKey::SignatureAlgorithm
The signature algorithm used to verify a message against a signature using this key.
Instance Attribute Details
#key_id ⇒ ::String
Returns Optional. The ID of this public key.
Signatures verified by Binary Authorization must include the ID of the
public key that can be used to verify them. The ID must match exactly
contents of the key_id field exactly.
The ID may be explicitly provided by the caller, but it MUST be a valid
RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used
in the context of a wrapper (see next paragraph), a default key ID will be
computed based on the digest of the DER encoding of the public key.
If this PkixPublicKey is used in the context of a wrapper that has its
own notion of key ID (e.g. AttestorPublicKey), then this field can
either match that value exactly, or be left blank, in which case it behaves
exactly as though it is equal to that wrapper value.
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311 class PkixPublicKey include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Represents a signature algorithm and other information necessary to verify # signatures with a given public key. # This is based primarily on the public key types supported by Tink's # PemKeyType, which is in turn based on KMS's supported signing # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future, # Binary Authorization might support additional public key types # independently of Tink and/or KMS. module SignatureAlgorithm # Not specified. SIGNATURE_ALGORITHM_UNSPECIFIED = 0 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_PSS_2048_SHA256 = 1 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_2048_SHA256 = 1 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_PSS_3072_SHA256 = 2 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 = 2 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_PSS_4096_SHA512 = 4 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_SIGN_PSS_4096_SHA512 = 4 # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_2048_SHA256 = 5 # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. RSA_SIGN_PKCS1_3072_SHA256 = 6 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. RSA_SIGN_PKCS1_4096_SHA256 = 7 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. RSA_SIGN_PKCS1_4096_SHA512 = 8 # ECDSA on the NIST P-256 curve with a SHA256 digest. ECDSA_P256_SHA256 = 9 # ECDSA on the NIST P-256 curve with a SHA256 digest. EC_SIGN_P256_SHA256 = 9 # ECDSA on the NIST P-384 curve with a SHA384 digest. ECDSA_P384_SHA384 = 10 # ECDSA on the NIST P-384 curve with a SHA384 digest. EC_SIGN_P384_SHA384 = 10 # ECDSA on the NIST P-521 curve with a SHA512 digest. ECDSA_P521_SHA512 = 11 # ECDSA on the NIST P-521 curve with a SHA512 digest. EC_SIGN_P521_SHA512 = 11 # ML-DSA-65 Post-Quantum Cryptography signature algorithm. ML_DSA_65 = 13 end end |
#public_key_pem ⇒ ::String
Returns A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13.
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311 class PkixPublicKey include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Represents a signature algorithm and other information necessary to verify # signatures with a given public key. # This is based primarily on the public key types supported by Tink's # PemKeyType, which is in turn based on KMS's supported signing # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future, # Binary Authorization might support additional public key types # independently of Tink and/or KMS. module SignatureAlgorithm # Not specified. SIGNATURE_ALGORITHM_UNSPECIFIED = 0 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_PSS_2048_SHA256 = 1 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_2048_SHA256 = 1 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_PSS_3072_SHA256 = 2 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 = 2 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_PSS_4096_SHA512 = 4 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_SIGN_PSS_4096_SHA512 = 4 # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_2048_SHA256 = 5 # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. RSA_SIGN_PKCS1_3072_SHA256 = 6 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. RSA_SIGN_PKCS1_4096_SHA256 = 7 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. RSA_SIGN_PKCS1_4096_SHA512 = 8 # ECDSA on the NIST P-256 curve with a SHA256 digest. ECDSA_P256_SHA256 = 9 # ECDSA on the NIST P-256 curve with a SHA256 digest. EC_SIGN_P256_SHA256 = 9 # ECDSA on the NIST P-384 curve with a SHA384 digest. ECDSA_P384_SHA384 = 10 # ECDSA on the NIST P-384 curve with a SHA384 digest. EC_SIGN_P384_SHA384 = 10 # ECDSA on the NIST P-521 curve with a SHA512 digest. ECDSA_P521_SHA512 = 11 # ECDSA on the NIST P-521 curve with a SHA512 digest. EC_SIGN_P521_SHA512 = 11 # ML-DSA-65 Post-Quantum Cryptography signature algorithm. ML_DSA_65 = 13 end end |
#signature_algorithm ⇒ ::Google::Cloud::BinaryAuthorization::V1::PkixPublicKey::SignatureAlgorithm
Returns The signature algorithm used to verify a message against a signature using
this key.
These signature algorithm must match the structure and any object
identifiers encoded in public_key_pem (i.e. this algorithm must match
that of the public key).
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 |
# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 311 class PkixPublicKey include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # Represents a signature algorithm and other information necessary to verify # signatures with a given public key. # This is based primarily on the public key types supported by Tink's # PemKeyType, which is in turn based on KMS's supported signing # [algorithms](https://cloud.google.com/kms/docs/algorithms). In the future, # Binary Authorization might support additional public key types # independently of Tink and/or KMS. module SignatureAlgorithm # Not specified. SIGNATURE_ALGORITHM_UNSPECIFIED = 0 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_PSS_2048_SHA256 = 1 # RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_2048_SHA256 = 1 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_PSS_3072_SHA256 = 2 # RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 = 2 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA256 = 3 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_PSS_4096_SHA512 = 4 # RSASSA-PSS 4096 bit key with a SHA512 digest. RSA_SIGN_PSS_4096_SHA512 = 4 # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RSA_SIGN_PKCS1_2048_SHA256 = 5 # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. RSA_SIGN_PKCS1_3072_SHA256 = 6 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. RSA_SIGN_PKCS1_4096_SHA256 = 7 # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. RSA_SIGN_PKCS1_4096_SHA512 = 8 # ECDSA on the NIST P-256 curve with a SHA256 digest. ECDSA_P256_SHA256 = 9 # ECDSA on the NIST P-256 curve with a SHA256 digest. EC_SIGN_P256_SHA256 = 9 # ECDSA on the NIST P-384 curve with a SHA384 digest. ECDSA_P384_SHA384 = 10 # ECDSA on the NIST P-384 curve with a SHA384 digest. EC_SIGN_P384_SHA384 = 10 # ECDSA on the NIST P-521 curve with a SHA512 digest. ECDSA_P521_SHA512 = 11 # ECDSA on the NIST P-521 curve with a SHA512 digest. EC_SIGN_P521_SHA512 = 11 # ML-DSA-65 Post-Quantum Cryptography signature algorithm. ML_DSA_65 = 13 end end |