Signstar Sign

Offers an executable for processing Signstar signing requests. Requests are created using signstar-request-signature and specify everything that is needed for creating an artifact signature.

The signstar-sign executable provided by this crate returns a Signstar signing response which contains a signature in protocol-specific framing.

Currently, only OpenPGP signatures are supported. However, both request and response format are designed with extensibility in mind and other technologies can be integrated in the future.

Documentation

https://signstar.archlinux.page/rustdoc/signstar_sign/ for development version of the crate
https://docs.rs/signstar_sign/latest/signstar_sign/ for released versions of the crate

`signstar-sign`

The following command takes a signing request, encoded in JSON, and produces a JSON response. The JSON response contains a signature field, which is an armored OpenPGP signature.

signstar-sign < ../signstar-request-signature/tests/sample-request.json | jq --raw-output .signature | rsop dearmor | rpacket dump

Features

_containerized-integration-test: Integration tests that require a containerized test environment. NOTE: Unless you are developing this crate, you will very likely not want to use this feature.
mockhsm: Test environment and integration using a virtual YubiHSM2 (implies the yubihsm2 feature). NOTE: Unless you are developing this crate, you will very likely not want to use this feature. WARNING: This feature requires building in debug mode (see signstar#288)!
yubihsm2: For YubiHSM2 support.

Contributing

Please refer to the contributing guidelines to learn how to contribute to this project.

License

This project may be used under the terms of the Apache-2.0 or MIT license.

Changes to this project - unless stated otherwise - automatically fall under the terms of both of the aforementioned licenses.

Keyboard shortcuts