Reference documentation and code samples for the Grafeas V1 API class Grafeas::V1::Signature.
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map from
public_key_id to public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signature
public_key_id as anything more than a key lookup hint. The public_key_id
DOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
The public_key_id is not recognized by the verifier.
The public key that public_key_id refers to does not verify the
signature with respect to the payload.
The signature contents SHOULD NOT be "attached" (where the payload is
included with the serialized signature bytes). Verifiers MUST ignore any
"attached" payload and only verify signatures with respect to explicitly
provided payload (e.g. a payload field on the proto message that holds
this Signature, or the canonical serialization of the proto message that
holds this signature).
Inherits
Object
Extended By
Google::Protobuf::MessageExts::ClassMethods
Includes
Google::Protobuf::MessageExts
Methods
#public_key_id
defpublic_key_id()->::String
Returns
(::String) —
The identifier for the public key that verifies this signature.
The public_key_id is required.
The public_key_id SHOULD be an RFC3986 conformant URI.
When possible, the public_key_id SHOULD be an immutable reference,
such as a cryptographic digest.
Examples of valid public_key_ids:
OpenPGP V4 public key fingerprint:
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
serialization):
The identifier for the public key that verifies this signature.
The public_key_id is required.
The public_key_id SHOULD be an RFC3986 conformant URI.
When possible, the public_key_id SHOULD be an immutable reference,
such as a cryptographic digest.
Examples of valid public_key_ids:
OpenPGP V4 public key fingerprint:
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
serialization):
The identifier for the public key that verifies this signature.
The public_key_id is required.
The public_key_id SHOULD be an RFC3986 conformant URI.
When possible, the public_key_id SHOULD be an immutable reference,
such as a cryptographic digest.
Examples of valid public_key_ids:
OpenPGP V4 public key fingerprint:
"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
details on this scheme.
RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
serialization):
(::String) — The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be unambiguously provided
with the Signature during verification. A wrapper message might provide
the payload explicitly. Alternatively, a message might have a canonical
serialization that can always be unambiguously computed to derive the
payload.
#signature=
defsignature=(value)->::String
Parameter
value (::String) — The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be unambiguously provided
with the Signature during verification. A wrapper message might provide
the payload explicitly. Alternatively, a message might have a canonical
serialization that can always be unambiguously computed to derive the
payload.
Returns
(::String) — The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be unambiguously provided
with the Signature during verification. A wrapper message might provide
the payload explicitly. Alternatively, a message might have a canonical
serialization that can always be unambiguously computed to derive the
payload.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Grafeas V1 API - Class Grafeas::V1::Signature (v1.4.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.4.0 (latest)](/ruby/docs/reference/grafeas-v1/latest/Grafeas-V1-Signature)\n- [1.3.1](/ruby/docs/reference/grafeas-v1/1.3.1/Grafeas-V1-Signature)\n- [1.2.0](/ruby/docs/reference/grafeas-v1/1.2.0/Grafeas-V1-Signature)\n- [1.1.1](/ruby/docs/reference/grafeas-v1/1.1.1/Grafeas-V1-Signature)\n- [1.0.0](/ruby/docs/reference/grafeas-v1/1.0.0/Grafeas-V1-Signature)\n- [0.16.1](/ruby/docs/reference/grafeas-v1/0.16.1/Grafeas-V1-Signature)\n- [0.15.0](/ruby/docs/reference/grafeas-v1/0.15.0/Grafeas-V1-Signature)\n- [0.14.2](/ruby/docs/reference/grafeas-v1/0.14.2/Grafeas-V1-Signature)\n- [0.13.0](/ruby/docs/reference/grafeas-v1/0.13.0/Grafeas-V1-Signature)\n- [0.12.1](/ruby/docs/reference/grafeas-v1/0.12.1/Grafeas-V1-Signature)\n- [0.11.0](/ruby/docs/reference/grafeas-v1/0.11.0/Grafeas-V1-Signature)\n- [0.10.0](/ruby/docs/reference/grafeas-v1/0.10.0/Grafeas-V1-Signature)\n- [0.9.0](/ruby/docs/reference/grafeas-v1/0.9.0/Grafeas-V1-Signature)\n- [0.8.0](/ruby/docs/reference/grafeas-v1/0.8.0/Grafeas-V1-Signature)\n- [0.7.0](/ruby/docs/reference/grafeas-v1/0.7.0/Grafeas-V1-Signature)\n- [0.6.1](/ruby/docs/reference/grafeas-v1/0.6.1/Grafeas-V1-Signature)\n- [0.5.0](/ruby/docs/reference/grafeas-v1/0.5.0/Grafeas-V1-Signature)\n- [0.4.0](/ruby/docs/reference/grafeas-v1/0.4.0/Grafeas-V1-Signature)\n- [0.3.1](/ruby/docs/reference/grafeas-v1/0.3.1/Grafeas-V1-Signature) \nReference documentation and code samples for the Grafeas V1 API class Grafeas::V1::Signature.\n\nVerifiers (e.g. Kritis implementations) MUST verify signatures\nwith respect to the trust anchors defined in policy (e.g. a Kritis policy).\nTypically this means that the verifier has been configured with a map from\n`public_key_id` to public key material (and any required parameters, e.g.\nsigning algorithm).\n\n\nIn particular, verification implementations MUST NOT treat the signature\n`public_key_id` as anything more than a key lookup hint. The `public_key_id`\nDOES NOT validate or authenticate a public key; it only provides a mechanism\nfor quickly selecting a public key ALREADY CONFIGURED on the verifier through\na trusted channel. Verification implementations MUST reject signatures in any\nof the following circumstances:\n\n- The `public_key_id` is not recognized by the verifier.\n- The public key that `public_key_id` refers to does not verify the signature with respect to the payload.\n\n\u003cbr /\u003e\n\nThe `signature` contents SHOULD NOT be \"attached\" (where the payload is\nincluded with the serialized `signature` bytes). Verifiers MUST ignore any\n\"attached\" payload and only verify signatures with respect to explicitly\nprovided payload (e.g. a `payload` field on the proto message that holds\nthis Signature, or the canonical serialization of the proto message that\nholds this signature). \n\nInherits\n--------\n\n- Object \n\nExtended By\n-----------\n\n- Google::Protobuf::MessageExts::ClassMethods \n\nIncludes\n--------\n\n- Google::Protobuf::MessageExts\n\nMethods\n-------\n\n### #public_key_id\n\n def public_key_id() -\u003e ::String\n\n**Returns**\n\n- (::String) --- The identifier for the public key that verifies this signature.\n\n - The `public_key_id` is required.\n - The `public_key_id` SHOULD be an RFC3986 conformant URI.\n - When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest.\n\n Examples of valid `public_key_id`s:\n\n OpenPGP V4 public key fingerprint:\n - \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.\n\n RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\n serialization):\n - \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n - \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"\n\n### #public_key_id=\n\n def public_key_id=(value) -\u003e ::String\n\n**Parameter**\n\n- **value** (::String) ---\n\n The identifier for the public key that verifies this signature.\n - The `public_key_id` is required.\n - The `public_key_id` SHOULD be an RFC3986 conformant URI.\n - When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest.\n\n Examples of valid `public_key_id`s:\n\n OpenPGP V4 public key fingerprint:\n - \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.\n\n RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\n serialization):\n - \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n- \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\" \n**Returns**\n\n- (::String) --- The identifier for the public key that verifies this signature.\n\n - The `public_key_id` is required.\n - The `public_key_id` SHOULD be an RFC3986 conformant URI.\n - When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest.\n\n Examples of valid `public_key_id`s:\n\n OpenPGP V4 public key fingerprint:\n - \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\" See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.\n\n RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\n serialization):\n - \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n - \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"\n\n### #signature\n\n def signature() -\u003e ::String\n\n**Returns**\n\n- (::String) --- The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.\n\n### #signature=\n\n def signature=(value) -\u003e ::String\n\n**Parameter**\n\n- **value** (::String) --- The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload. \n**Returns**\n\n- (::String) --- The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload."]]
