public sealed class Signature : IMessage<Signature>, IEquatable<Signature>, IDeepCloneable<Signature>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class Signature.
Verifiers (e.g. Kritis implementations) MUST verify signatures
with respect to the trust anchors defined in policy (e.g. a Kritis policy).
Typically this means that the verifier has been configured with a map frompublic_key_idto public key material (and any required parameters, e.g.
signing algorithm).
In particular, verification implementations MUST NOT treat the signaturepublic_key_idas anything more than a key lookup hint. Thepublic_key_idDOES NOT validate or authenticate a public key; it only provides a mechanism
for quickly selecting a public key ALREADY CONFIGURED on the verifier through
a trusted channel. Verification implementations MUST reject signatures in any
of the following circumstances:
Thepublic_key_idis not recognized by the verifier.
The public key thatpublic_key_idrefers to does not verify the
signature with respect to the payload.
Thesignaturecontents SHOULD NOT be "attached" (where the payload is
included with the serializedsignaturebytes). Verifiers MUST ignore any
"attached" payload and only verify signatures with respect to explicitly
provided payload (e.g. apayloadfield on the proto message that holds
this Signature, or the canonical serialization of the proto message that
holds this signature).
The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be unambiguously provided
with the Signature during verification. A wrapper message might provide
the payload explicitly. Alternatively, a message might have a canonical
serialization that can always be unambiguously computed to derive the
payload.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis documentation covers the \u003ccode\u003eSignature\u003c/code\u003e class within the Grafeas v1 API, detailing its role in verifying signatures and its implementation as an interface.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eSignature\u003c/code\u003e class provides methods for verifying digital signatures using a public key, where the \u003ccode\u003epublic_key_id\u003c/code\u003e serves as a lookup hint for a pre-configured key on the verifier.\u003c/p\u003e\n"],["\u003cp\u003eThe verification process strictly relies on configured trust anchors and rejects signatures if the \u003ccode\u003epublic_key_id\u003c/code\u003e is unrecognized or if the key fails to verify the signature against the payload.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eSignature_\u003c/code\u003e property holds the signature's content as a bytestring, and the payload for verification must be explicitly provided or derived from a canonical serialization.\u003c/p\u003e\n"],["\u003cp\u003eThis API has multiple versions available, with version 3.7.0 as the latest version.\u003c/p\u003e\n"]]],[],null,["# Grafeas v1 API - Class Signature (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.Signature)\n- [3.8.0](/dotnet/docs/reference/Grafeas.V1/3.8.0/Grafeas.V1.Signature)\n- [3.7.0](/dotnet/docs/reference/Grafeas.V1/3.7.0/Grafeas.V1.Signature)\n- [3.6.0](/dotnet/docs/reference/Grafeas.V1/3.6.0/Grafeas.V1.Signature)\n- [3.5.0](/dotnet/docs/reference/Grafeas.V1/3.5.0/Grafeas.V1.Signature)\n- [3.4.0](/dotnet/docs/reference/Grafeas.V1/3.4.0/Grafeas.V1.Signature)\n- [3.3.0](/dotnet/docs/reference/Grafeas.V1/3.3.0/Grafeas.V1.Signature)\n- [3.2.0](/dotnet/docs/reference/Grafeas.V1/3.2.0/Grafeas.V1.Signature)\n- [3.1.0](/dotnet/docs/reference/Grafeas.V1/3.1.0/Grafeas.V1.Signature)\n- [3.0.0](/dotnet/docs/reference/Grafeas.V1/3.0.0/Grafeas.V1.Signature)\n- [2.4.0](/dotnet/docs/reference/Grafeas.V1/2.4.0/Grafeas.V1.Signature)\n- [2.3.0](/dotnet/docs/reference/Grafeas.V1/2.3.0/Grafeas.V1.Signature)\n- [2.2.0](/dotnet/docs/reference/Grafeas.V1/2.2.0/Grafeas.V1.Signature) \n\n public sealed class Signature : IMessage\u003cSignature\u003e, IEquatable\u003cSignature\u003e, IDeepCloneable\u003cSignature\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Grafeas v1 API class Signature.\n\nVerifiers (e.g. Kritis implementations) MUST verify signatures\nwith respect to the trust anchors defined in policy (e.g. a Kritis policy).\nTypically this means that the verifier has been configured with a map from\n`public_key_id` to public key material (and any required parameters, e.g.\nsigning algorithm).\n\nIn particular, verification implementations MUST NOT treat the signature\n`public_key_id` as anything more than a key lookup hint. The `public_key_id`\nDOES NOT validate or authenticate a public key; it only provides a mechanism\nfor quickly selecting a public key ALREADY CONFIGURED on the verifier through\na trusted channel. Verification implementations MUST reject signatures in any\nof the following circumstances:\n\n- The `public_key_id` is not recognized by the verifier.\n- The public key that `public_key_id` refers to does not verify the signature with respect to the payload.\n\nThe `signature` contents SHOULD NOT be \"attached\" (where the payload is\nincluded with the serialized `signature` bytes). Verifiers MUST ignore any\n\"attached\" payload and only verify signatures with respect to explicitly\nprovided payload (e.g. a `payload` field on the proto message that holds\nthis Signature, or the canonical serialization of the proto message that\nholds this signature). \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e Signature \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[Signature](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.Signature), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[Signature](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.Signature), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[Signature](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.Signature), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Grafeas.V1](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1)\n\nAssembly\n--------\n\nGrafeas.V1.dll\n\nConstructors\n------------\n\n### Signature()\n\n public Signature()\n\n### Signature(Signature)\n\n public Signature(Signature other)\n\nProperties\n----------\n\n### PublicKeyId\n\n public string PublicKeyId { get; set; }\n\nThe identifier for the public key that verifies this signature.\n\n- The `public_key_id` is required.\n- The `public_key_id` SHOULD be an RFC3986 conformant URI.\n- When possible, the `public_key_id` SHOULD be an immutable reference, such as a cryptographic digest.\n\nExamples of valid `public_key_id`s:\n\nOpenPGP V4 public key fingerprint:\n\n- \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\" See \u003chttps://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\u003e for more details on this scheme.\n\nRFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\nserialization):\n\n- \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n- \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"\n\n### Signature_\n\n public ByteString Signature_ { get; set; }\n\nThe content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be unambiguously provided\nwith the Signature during verification. A wrapper message might provide\nthe payload explicitly. Alternatively, a message might have a canonical\nserialization that can always be unambiguously computed to derive the\npayload."]]
