Evidence Envelope

JFrog Artifactory Documentation

Products

JFrog Artifactory

Content Type

User Guide

ft:sourceType

Paligo

The outer layer of an evidence file is a DSSE envelope, as shown below. It consists of a Base64-encoded payload and a signature.

{
    "payload": "{base64(serialized-Payload)}",
    "payloadType": "application/vnd.in-toto+json",
    "signatures": [
        {
            "keyid": "{key-id}",
            "sig": "{base64(signature)}"
        }
    ]
}

The envelope is comprised of the following elements:

Property	Description
`payload`	Contains a Base64-encoded JSON, as described in Evidence Payload.
`payloadType`	The payload type for JFrog evidence is `application/vnd.in-toto+json`.
`signatures`	The key used to sign the evidence. The array includes the following mandatory elements: `keyid`: Signing key name `sig`: The signature, as calculated by the DSSE protocol