Try   HackMD

Notation Blob Verification

Option 1 (Preferred as disccussed)

type BlobVerifierVerifyOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently only `application/jose+json` and `application/cose` are
	// supported.
	SignatureMediaType string

	// PluginConfig is a map of plugin configs.
	PluginConfig map[string]string

	// UserMetadata contains key-value pairs that must be present in the
	// signature.
	UserMetadata map[string]string
}

type BlobVerifier interface {
	VerifyBlob(ctx context.Context, descGenFunc BlobDescriptorGenerator, signature []byte, opts BlobVerifierVerifyOptions) (*VerificationOutcome, error)
}

type BlobDescriptorGenerator func(digest.Algorithm) (ocispec.Descriptor, error)


type BlobVerifyOptions struct {
	BlobVerifierVerifyOptions
    
	// ContentMediaType is the media-type type of the content being verified.
	ContentMediaType string
}

func VerifyBlob(ctx context.Context, verifier Verifier, blobReader io.Reader, signature []byte, verifyBlobOpts BlobVerifyOptions) (ocispec.Descriptor, []*VerificationOutcome, error)

The idea here was that in BlobVerifier implementation we will compare the descriptor returned by BlobDescriptorGenerator with the descriptor in the signature. However, this approach doesn't work because we cannot create the correct descriptor from the blob (io.reader) since we don't know the blob's media type and user defined metadata. The blob media type and user metadata are optional parameters in Notation, and users can choose not to pass them during verification.

Selectively comparing descriptor fields is not accurate because the BlobVerifier's VerifyBlob method gives the impression that we are comparing the complete descriptor.

Option 2

// same as BlobVerifierVerifyOptions but we want to keep it seperate because
// both can evolve independently
type BlobVerifierOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently only `application/jose+json` and `application/cose` are
	// supported.
	SignatureMediaType string

	// ContentMediaType is the media-type type of the content being verified.
	ContentMediaType string

	// PluginConfig is a map of plugin configs.
	PluginConfig map[string]string

	// UserMetadata contains key-value pairs that must be present in the
	// signature.
	UserMetadata map[string]string
}

type BlobVerifier interface {
	VerifyBlob(ctx context.Context, blobReader io.Reader, signature []byte, opts BlobVerifierOptions) (*VerificationOutcome, error)
}
type BlobDescriptorGenerator func(digest.Algorithm) (ocispec.Descriptor, error)


type BlobVerifierVerifyOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently only `application/jose+json` and `application/cose` are
	// supported.
	SignatureMediaType string

	// ContentMediaType is the media-type type of the content being verified.
	ContentMediaType string

	// PluginConfig is a map of plugin configs.
	PluginConfig map[string]string

	// UserMetadata contains key-value pairs that must be present in the
	// signature.
	UserMetadata map[string]string
}

func VerifyBlob(ctx context.Context, verifier Verifier, blobReader io.Reader, signatures [][]byte, verifyBlobOpts BlobVerifierVerifyOptions) (ocispec.Descriptor, []*VerificationOutcome, error)

The idea here is that BlobVerifier implementation will calculate hash out of blob and compare the hash with the hash stored in signature descriptor. And yes, we will also support comparing on mediatype and user defined metata if user choose to pass them in verify command.

Option 3 (by Patrick)

type BlobVerifierVerifyOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently only `application/jose+json` and `application/cose` are
	// supported.
	SignatureMediaType string

	// PluginConfig is a map of plugin configs.
	PluginConfig map[string]string

	// UserMetadata contains key-value pairs that must be present in the
	// signature.
	UserMetadata map[string]string
    
        // TrustPolicyName is the name of trust policy picked by caller.
        // If empty, the global trust policy will be used.
        // This is mainly for non-CLI notation-go users, who do not have a UI to
        // specify trust policy name directly.
	TrustPolicyName string
}

type BlobVerifier interface {
	VerifyBlob(ctx context.Context, descGenFunc BlobDescriptorGenerator, signature []byte, opts BlobVerifierVerifyOptions) (*VerificationOutcome, error)
}

type BlobDescriptorGenerator func(digest.Algorithm) (ocispec.Descriptor, error)


type BlobVerifyOptions struct {
	BlobVerifierVerifyOptions
    
	// ContentMediaType is the media-type type of the content being verified.
	ContentMediaType string
}

func VerifyBlob(ctx context.Context, verifier Verifier, blobReader io.Reader, signature []byte, verifyBlobOpts BlobVerifyOptions) (ocispec.Descriptor, []*VerificationOutcome, error)

An improvement based on option 1. Added TrustPolicyName field to BlobVerifierVerifyOptions.

Last changed by 
Pritesh Bandi
13
255

Read more

Sign arbitrary data

To support signing of

Oct 28, 2023
Notation Debug Logs

➜ ./notation verify $IMAGE -d Warning: Always sign the artifact using digest(`@sha256:...`) rather than a tag(`:v1`) because tags are mutable and a tag reference can point to a different artifact than the one signed Resolved artifact tag `v1` to digest `sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47` before signing INFO[2022-12-02T13:14:39+08:00] passing a nil signature to check 'skip' level DEBU[2022-12-02T13:14:39+08:00] verify signature against artifact referenced as localhost:5000/net-monitor@sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47 DEBU[2022-12-02T13:14:39+08:00] verification level: &{Name:strict Enforcement:map[authenticTimestamp:enforce authenticity:enforce expiry:enforce integrity:enforce revocation:enforce]} ERRO[2022-12-02T13:14:39+08:00] integrity validation failed. Failure reason: unable to parse the digital signature, error : signature envelope format with media type "" is not supported INFO[2022-12-02T13:14:39+08:00] check over. not 'skip' level DEBU[2022-12-02T13:14:39+08:00] Request URL: "http://localhost:5000/v2/net-monitor/manifests/sha256:cd5eef6b6a6750c9850a8d7b1a5435f35f1a1808d66c74e265f6b7ec290bea47" DEBU[2022-12-02T13:14:39+08:00] Request method: "HEAD"

Mar 14, 2023
[Draft] Verification extensibility

This is a continuation of [Draft] Notation Extensibility for Signing and Verification doc. Requirements The plugin's verification API MUST be signature envelope format agnostic and MUST work seamlessly with different signature envelope formats. If signature needs plugin for verification then the signature MUST convey plugin name and version required for verification. During signature verification, if the required plugin is unavailable then Notary v2 MUST fails the signature verification. :::info PR Begins - This is in early brainstorming stage

Feb 5, 2022
[OLD] Trust Anchors

:::danger This is outdated and content has been moved to https://github.com/notaryproject/notaryproject/pull/132 ::: Update trust policy to support verification of OCI artifact signed using publicly trusted codesigning certificates. The certificates issued by CAs that are publicly trusted(abides by CAB forum guidelines and trusted by many operating systems) are referred to as publicly trusted certificates. Why do we need this change The user MUST be able to use a codesigning certificate issued from publicly trusted CAs e.g. Digicert, Entrust, Verisign, etc to sign and verify OCI artifacts. Publicly trusted CAs issue codesigning certificates to various entities from the same CA, the only way for a consumer to verify that the artifact came from a specific publisher is to pin(in trust-policy) on the publisher's signing certificate. Signing certificates have limited validity and it's recommended to rotate keys periodically. If consumer pins on the publisher's signing certificate, the rotation of the publisher's singing certificate will require all consumers to update the trust policy to pin on the new certificate.

Feb 4, 2022
Read more from Pritesh Bandi
Published on HackMD