package
3.0.0+incompatible
Repository: https://github.com/lsm5/containers-image.git
Documentation: pkg.go.dev
# Functions
DefaultPolicy returns the default policy of the system.
GetUntrustedSignatureInformationWithoutVerifying extracts information available in an untrusted signature, WITHOUT doing any cryptographic verification.
NewEphemeralGPGSigningMechanism returns a new GPG/OpenPGP signing mechanism which recognizes _only_ public keys from the supplied blob, and returns the identities of these keys.
NewGPGSigningMechanism returns a new GPG/OpenPGP signing mechanism for the user’s default GPG configuration ($GNUPGHOME / ~/.gnupg). The caller must call .Close() on the returned SigningMechanism.
NewPolicyContext sets up and initializes a context for the specified policy.
NewPolicyFromBytes returns a policy parsed from the specified blob.
NewPolicyFromFile returns a policy configured in the specified file.
NewPRInsecureAcceptAnything returns a new "insecureAcceptAnything" PolicyRequirement.
NewPRMExactReference returns a new "exactReference" PolicyReferenceMatch.
NewPRMExactRepository returns a new "exactRepository" PolicyRepositoryMatch.
NewPRMMatchExact returns a new "matchExact" PolicyReferenceMatch.
NewPRMMatchRepoDigestOrExact returns a new "matchRepoDigestOrExact" PolicyReferenceMatch.
NewPRMMatchRepository returns a new "matchRepository" PolicyReferenceMatch.
NewPRReject returns a new "reject" PolicyRequirement.
NewPRSignedBaseLayer returns a new "signedBaseLayer" PolicyRequirement.
NewPRSignedByKeyData returns a new "signedBy" PolicyRequirement using a KeyData.
NewPRSignedByKeyPath returns a new "signedBy" PolicyRequirement using a KeyPath.
SignDockerManifest returns a signature for manifest as the specified dockerReference, using mech and keyIdentity.
VerifyDockerManifestSignature checks that unverifiedSignature uses expectedKeyIdentity to sign unverifiedManifest as expectedDockerReference, using mech.
# Constants
SBKeyTypeGPGKeys refers to keys contained in a GPG keyring.
SBKeyTypeSignedByGPGKeys refers to keys signed by keys in a GPG keyring.
SBKeyTypeSignedByX509CAs refers to keys signed by one of the X.509 CAs. FIXME: PEM, DER?
SBKeyTypeX509Certificates refers to keys in a set of X.509 certificates. FIXME: PEM, DER?
# Structs
InvalidSignatureError is returned when parsing an invalid signature.
Policy defines requirements for considering a signature, or an image, valid.
PolicyContext encapsulates a policy and possible cached state for speeding up its evaluation.
Signature is the parsed content of a signature.
UntrustedSignatureInformation is information available in an untrusted signature.
# Interfaces
PolicyReferenceMatch specifies a set of image identities accepted in PolicyRequirement.
PolicyRequirement is a rule which must be satisfied by at least one of the signatures of an image.
SigningMechanism abstracts a way to sign binary blobs and verify their signatures.
# Type aliases
InvalidPolicyFormatError is returned when parsing an invalid policy configuration.
PolicyRequirementError is an explanatory text for rejecting a signature or an image.
PolicyRequirements is a set of requirements applying to a set of images; each of them must be satisfied (though perhaps each by a different signature).
PolicyTransportScopes defines policies for images for a specific transport, for various scopes (the map keys).
SigningNotSupportedError is returned when trying to sign using a mechanism which does not support that.