Try   HackMD

[Draft] Verification extensibility

This is a continuation of [Draft] Notation Extensibility for Signing and Verification doc.

Requirements

  • The plugin's verification API MUST be signature envelope format agnostic and MUST work seamlessly with different signature envelope formats.
  • If signature needs plugin for verification then the signature MUST convey plugin name and version required for verification.
  • During signature verification, if the required plugin is unavailable then Notary v2 MUST fails the signature verification.

PR Begins - This is in early brainstorming stage

Plugin installation and config

  • Using the signature metadata, the signature MUST specify weather a plugin is required for a signature verification or not. <Link to sig specification doc>.











// Descriptor
{
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "digest": "sha256:73c803930ea3ba1e54bc25c2bdc53edd0284c62ed651fe7b00369da519a3c333",
  "size": 16724,
  "annotations": {
     "org.cncf.notary.signature.plugin.identifier": "${name}-${version}",
     "org.cncf.notary.signature.plugin.required": "true | false",
     ...
  }
}

Plugin metadata












{
  // List of one or more capabilities supported by plugin.
  // SIGNATURE_GENERATOR and SIGNATURE_ENVELOPE_GENERATOR are mutually exclusive
  // only one can be specified.
  //  SIGNATURE_GENERATOR
  //  SIGNATURE_ENVELOPE_GENERATOR
  //  SIGNATURE_VERIFIER
  "capabilities" : [
    
  ]
}

capabilities - This is list of major features supported by a plugin. Each capability such as SIGNATURE_ENVELOPE_GENERATOR requires one of more commands to be implemented by the plugin. When new features are available for plugins to implement, an implementation may choose to not implement it, and therefore will not include the feature in capabililies. Notation will evaluate the capability required to satisfy a user’s request, and reject the request if the plugin does not support the required capability.

Verification interface

Requirements

  • The interface MUST NOT be tied to a specific signature envelope format.

Notation will support plugins to be developed against the Signature Verifier interface. These interface target abstraction levels that satisfy most plugin integration scenarios.

Signature Verifier

This interface allows a plugin publisher to perform custom validations on the artifact's signature. The custom validations supplements the default notary v2 signature validations. The plugin must ve signature envelope format agnostic but should have access to all the .

During signature verification, if the required plugin is unavailable then Notary v2 MUST fails the signature verification.

This interface allows plugins to have full control over the generated signature envelope, and can append additional signed and unsigned metadata, including timestamp signatures. The plugin must be signature envelope format aware, and implement new formats when Notary adopts new formats.

Signing workflow using plugin

  1. Given a user request to sign image, with key
  2. Pull the image manifest using image url, and construct a descriptor
  3. Append any user provided metadata and Notary metadata as descriptor annotations.
  4. Determine if the registered key uses a plugin
  5. Execute the plugin with discover command
    1. If plugin supports capability SIGNATURE_ENVELOPE_GENERATOR
      1. Execute the plugin with generate-envelope command, set request.key to key definition (from /notation/config.json), request.payload to base64 encoded descriptor, request.payloadType to application/vnd.oci.descriptor.v1+json and request.signatureEnvelopeType to application/vnd.cncf.notary.v2.jws.v1.
      2. response.signatureEnvelope contains the base64 encoded signature envelope, value of response.signatureEnvelopeType MUST match request.signatureEnvelopeType.
      3. Generate a signature manifest for the given signature envelope, and append response.annotations to manifest annotations.
    2. Else if plugin supports capability SIGNATURE_GENERATOR (covered in previous section)
    3. Return an error

generate-envelope
Request















{
  "contract-version" : <major-version.minor-version>,
  
  // Complete key definition from /notation/config.JSON /signingKeys/keys with matching key name
  "key" : <key definition>, 

  "payload" : <Base64 encoded payload to be signed>,
  
  // The type of payload - currently a descriptor
  "payloadType" : "application/vnd.oci.descriptor.v1+json",
  
  // The expected response signature envelope
  "signatureEnvelopeType" : "application/vnd.cncf.notary.v2.jws.v1"
}

signatureEnvelopeType - defines the type of signature envelope expected from the plugin. As Notation clients need to be updated in order to parse and verify new signature formats, the default signature format can only be changed with new major version releases of Notation. Users however can opt into using an updated signature format supported by Notation, by passing an optional parameter.
e.g. notation sign $IMAGE --key {key-name} --signatureFormat {some-new-format}

Response











{
   "signatureEnvelope": <Base64 encoded signature envelope>,
   "signatureEnvelopeType" : "application/vnd.cncf.notary.v2.jws.v1"
   
  // Annotations to be appended to Signature Manifest annotations
  "annotations" : {
    "key1" : "value1",
    "key2" : "value2"
  }
}

This interface allows a plugin publisher to perform custom validations on the artifact's signature. The custom validations supplements the default notary v2 signature validations. The plugin is signature envelope format agnostic.

During signature verification, if the required plugin is unavailable then Notary v2 MUST fails the signature verification.

verify-signature**

Request













































{
  // The version of verify-signature interface
  "version": "<major-version.minor-version>",

  // The complete key definition from /notation/config.JSON 
  "key": "<keydefinition>",

  "signature": {
    // The signature envelope type - currently JWS
    "envelopeType": "application/jose+json"

    // The version of the signature envelope
    "version": "application/vnd.cncf.notary.v2.jws.v1",

    // The signature algoritm
    "algorithm": "<signature-algorithm>",

    // The signed playload
    "payload": "<Base64 encoded signed payload>",
    
    // The type of payload - currently a descriptor
    "payloadType": "application/vnd.oci.descriptor.v1+json",

    // The siged metadata
    "signedAttributes": {
      "notary": {
        "iat": <signing-time>,
        "exp": <signature-expiration-time>
      }
    },

    // The list of signing certificate used for signature verification
    "x509SigningCcertificates": [],

    // The list of timestamping certificate used for timestamp verification
    "x509TimestampingCertificates": []
  },

  // The repository URI of the artifact
  "artifactUri": "",
  
  // The complete trust policy with trust store inlined used for siganture evaluation
  "trustPolicy": ""
}

signatureEnvelopeType - defines the type of signature envelope expected from the plugin. As updated Notation clients are required to understand and verify new signature formats, the default signature format can only be changed with new major version releases of Notation. Users however can opt into using an updated signature format supported by Notation, by passing an optional parameter.
e.g. notation sign $IMAGE --key {key-name} --signatureFormat {some-new-format}

Response
The








{
  "warnings": [
    "<line1>",
    "<line2>",
    "<line3>"
  ]
}

Plugin exit codes:

  • zero
  • non-zero

CLI exit codes:

  • 0
  • 1 notary v2 verificaiton failed.
  • 2 plugin failed.

PR Ends

Milind

  • define error resposne; warning?
  • describe-key should not be tied to signature generation
Last changed by 
Pritesh Bandi
1
222

Read more

Untitled

// Verifier is a generic interface for verifying an artifact.type Verifier interface {// Verify verifies the signature blob signature against the target OCI// artifact with manifest descriptor desc, and returns the outcome upon// successful verification.// If nil signature is present and the verification level is not &#39;skip&#39;,// an error will be returned.Verify(ctx context.Context, desc ocispec.Descriptor, signature []byte, opts VerifierVerifyOptions) (*VerificationOutcome, error)}

Mar 18, 2024
Sign arbitrary data

To support signing of

Oct 28, 2023
Notation Debug Logs

➜ ./notation verify $IMAGE -d Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing INFO[2022-12-02T13:14:39+08:00] passing a nil signature to check &apos;skip&apos; level DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 DEBU[2022-12-02T13:14:39+08:00] verification level: &amp;{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} ERRO[2022-12-02T13:14:39+08:00] integrity validation failed. Failure reason: unable to parse the digital signature, error : signature envelope format with media type &quot;&quot; is not supported INFO[2022-12-02T13:14:39+08:00] check over. not &apos;skip&apos; level DEBU[2022-12-02T13:14:39+08:00] Request URL: &quot;http://localhost:5000/v2/net-monitor/manifests/sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47&quot; DEBU[2022-12-02T13:14:39+08:00] Request method: &quot;HEAD&quot;

Mar 14, 2023
[OLD] Trust Anchors

:::danger This is outdated and content has been moved to https://github.com/notaryproject/notaryproject/pull/132 ::: Update trust policy to support verification of OCI artifact signed using publicly trusted codesigning certificates. The certificates issued by CAs that are publicly trusted(abides by CAB forum guidelines and trusted by many operating systems) are referred to as publicly trusted certificates. Why do we need this change The user MUST be able to use a codesigning certificate issued from publicly trusted CAs e.g. Digicert, Entrust, Verisign, etc to sign and verify OCI artifacts. Publicly trusted CAs issue codesigning certificates to various entities from the same CA, the only way for a consumer to verify that the artifact came from a specific publisher is to pin(in trust-policy) on the publisher&apos;s signing certificate. Signing certificates have limited validity and it&apos;s recommended to rotate keys periodically. If consumer pins on the publisher&apos;s signing certificate, the rotation of the publisher&apos;s singing certificate will require all consumers to update the trust policy to pin on the new certificate.

Feb 4, 2022
Read more from Pritesh Bandi
Published on HackMD