Class: Sigstore::Rekor::V1::InclusionPromise

Inherits:

Object

Object
Sigstore::Rekor::V1::InclusionPromise

show all

Extended by:: Protobug::Message

Defined in:: lib/sigstore/rekor/v1/sigstore_rekor_pb.rb

Overview

The inclusion promise is calculated by Rekor. It’s calculated as a signature over a canonical JSON serialization of the persisted entry, the log ID, log index and the integration timestamp. See github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/api/entries.go#L54 The format of the signature depends on the transparency log’s public key. If the signature algorithm requires a hash function and/or a signature scheme (e.g. RSA) those has to be retrieved out-of-band from the log’s operators, together with the public key. This is used to verify the integration timestamp’s value and that the log has promised to include the entry.