/signed-attestation

A library for signing in-toto attestations with OpenPubkey

Primary LanguageGoApache License 2.0Apache-2.0

Signed attestations with OpenPubkey

This library is for signing in-toto attestations with OpenPubkey.

Two functions are provided:

  • SignInTotoStatement takes an in-toto statement and returns a signed DSSE envelope.
  • VerifyInTotoEnvelope takes a signed DSSE envelope, verifies the signature, and returns the in-toto statement

That's it!