stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e716bc6adca8d1a3ac5a24ad491e5fa99e31cf1c
git.stella-ops.org/docs/features/unchecked/airgap/dsse-receipt-schema-for-authority-sbomer-vexer-flows.md

1.5 KiB
Raw Blame History

DSSE/Receipt Schema for Authority/Sbomer/Vexer Flows

Module

AirGap

Status

IMPLEMENTED

Description

DSSE envelope signing/verification across multiple modules with schema types, SPDX3 integration, and air-gap bundle signing. The receipt schema supports Authority, Sbomer, and Vexer flows.

Implementation Details

  • DSSE signing: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/DsseEnvelope.cs, DsseSignature.cs, ProofChainSigner.Verification.cs
  • DSSE SPDX3: src/Attestor/__Libraries/StellaOps.Attestor.Spdx3/DsseSpdx3Envelope.cs, DsseSpdx3Signature.cs, DsseSpdx3Signer.SignAsync.cs, DsseSpdx3Signer.Verify.cs
  • DSSE verification: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Verification/DsseSignatureVerificationStep.cs
  • Importer DSSE parsing: src/AirGap/StellaOps.AirGap.Importer/Reconciliation/Parsers/DsseAttestationParser.cs
  • Receipt models: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Receipts/VerificationReceipt.cs, VerificationResult.cs, VerificationCheck.cs, VerificationContext.cs
  • Signing profiles: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Signing/SigningKeyProfile.cs
  • Source: Feature matrix scan

E2E Test Plan

  • Verify DSSE envelope creation for Authority/Sbomer/Vexer flows
  • Test DSSE signature verification with multiple key profiles
  • Verify receipt schema captures all required verification checks
  • Test SPDX3 DSSE integration