Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

pluginsign

package module

Go to main page

Versions in this module

v0

v0.1.2

Mar 3, 2026

v0.1.1

Mar 3, 2026

Changes in this version

+ const VerificationErrorCodeChecksumMismatch

+ const VerificationErrorCodeIncompatiblePluginAPIVersion

+ const VerificationErrorCodeIncompatibleRuntime

+ const VerificationErrorCodeInvalidChecksum

+ const VerificationErrorCodeInvalidCompatibility

+ const VerificationErrorCodeInvalidKeyID

+ const VerificationErrorCodeInvalidManifest

+ const VerificationErrorCodeInvalidManifestID

+ const VerificationErrorCodeInvalidManifestVersion

+ const VerificationErrorCodeInvalidPluginAPIVersion

+ const VerificationErrorCodeInvalidPublicKey

+ const VerificationErrorCodeInvalidRuntime

+ const VerificationErrorCodeInvalidSignature

+ const VerificationErrorCodeInvalidTrustStore

+ const VerificationErrorCodeRevokedKey

+ const VerificationErrorCodeUnknown

+ const VerificationErrorCodeUnknownKey

+ var ErrChecksumMismatch = errors.New("checksum mismatch")

+ var ErrIncompatiblePluginAPIVersion = errors.New("incompatible plugin api version")

+ var ErrIncompatibleRuntime = errors.New("incompatible runtime")

+ var ErrInvalidChecksum = errors.New("invalid checksum")

+ var ErrInvalidCompatibility = errors.New("invalid compatibility")

+ var ErrInvalidKeyID = errors.New("invalid key id")

+ var ErrInvalidManifest = errors.New("invalid manifest")

+ var ErrInvalidManifestID = errors.New("invalid manifest id")

+ var ErrInvalidManifestVersion = errors.New("invalid manifest version")

+ var ErrInvalidPluginAPIVersion = errors.New("invalid plugin api version")

+ var ErrInvalidPrivateKey = errors.New("invalid private key")

+ var ErrInvalidPublicKey = errors.New("invalid public key")

+ var ErrInvalidRuntime = errors.New("invalid runtime")

+ var ErrInvalidSignature = errors.New("invalid signature")

+ var ErrInvalidTrustStore = errors.New("invalid trust store")

+ var ErrRevokedKey = errors.New("revoked key")

+ var ErrTrustStoreDecodeFailed = errors.New("decode trust store file failed")

+ var ErrTrustStorePathRequired = errors.New("trust store path is required")

+ var ErrTrustStoreReadFailed = errors.New("read trust store file failed")

+ var ErrUnknownKey = errors.New("unknown trusted key")

+ func BuildCanonicalPayload(manifest Manifest, checksums map[string]string) ([]byte, error)

+ func MapVerificationErrorCode(err error) string

+ func ValidateManifest(manifest Manifest) error

+ func VerifyEd25519Signature(payload, signature []byte, publicKey ed25519.PublicKey) error

+ func VerifyInstall(req VerifyInstallRequest) error

+ func VerifySHA256(content []byte, expectedSHA256 string) error

+ type Compatibility struct

+ MaxPluginAPIVersion string

+ MinPluginAPIVersion string

+ type KeyPair struct

+ KeyID string

+ PrivateKey ed25519.PrivateKey

+ PublicKey ed25519.PublicKey

+ func GenerateKeyPair(keyID string) (*KeyPair, error)

+ func LoadPrivateKeyFromJSON(path string) (*KeyPair, error)

+ func (kp *KeyPair) ExportPrivateKeyBase64() string

+ func (kp *KeyPair) ExportPublicKeyBase64() string

+ func (kp *KeyPair) SavePrivateKeyJSON(path string) error

+ func (kp *KeyPair) SavePublicKeyJSON(path string) error

+ func (kp *KeyPair) Sign(payload []byte) ([]byte, error)

+ func (kp *KeyPair) SignManifest(manifest Manifest, checksums map[string]string) ([]byte, error)

+ type Manifest struct

+ Compatibility Compatibility

+ ID string

+ PluginAPIVersion string

+ Runtime string

+ SHA256 string

+ Version string

+ func (m Manifest) CheckHostCompatibility(hostRuntime, hostPluginAPIVersion string) error

+ type TrustStore struct

+ func LoadTrustStoreFromFiles(paths TrustStoreFileSet) (*TrustStore, error)

+ func NewTrustStore() *TrustStore

+ func (s *TrustStore) AddTrustedKey(keyID string, publicKey ed25519.PublicKey) error

+ func (s *TrustStore) IsRevoked(keyID string) bool

+ func (s *TrustStore) RevokeKey(keyID string)

+ func (s *TrustStore) VerifySignature(keyID string, payload, signature []byte) error

+ type TrustStoreFileSet struct

+ CommunityKeysPath string

+ OfficialKeysPath string

+ RevokedKeysPath string

+ type VerifyInstallRequest struct

+ ArtifactBytes []byte

+ Checksums map[string]string

+ HostPluginAPIVersion string

+ HostRuntime string

+ KeyID string

+ Manifest Manifest

+ Signature []byte

+ TrustStore *TrustStore