Azure.Security.CodeTransparency 1.0.0-beta.2

The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org. Prefix Reserved
.NET Standard 2.0
This is a prerelease version of Azure.Security.CodeTransparency. 
dotnet add package Azure.Security.CodeTransparency --version 1.0.0-beta.2
NuGet\Install-Package Azure.Security.CodeTransparency -Version 1.0.0-beta.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Azure.Security.CodeTransparency" Version="1.0.0-beta.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add Azure.Security.CodeTransparency --version 1.0.0-beta.2
#r "nuget: Azure.Security.CodeTransparency, 1.0.0-beta.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install Azure.Security.CodeTransparency as a Cake Addin
#addin nuget:?package=Azure.Security.CodeTransparency&version=1.0.0-beta.2&prerelease

// Install Azure.Security.CodeTransparency as a Cake Tool
#tool nuget:?package=Azure.Security.CodeTransparency&version=1.0.0-beta.2&prerelease

Azure Code Transparency client library for .NET

Azure.Security.CodeTransparency is based on a managed service complying with a draft SCITT RFC. It is a managed service that allows countersigning COSE signature envelopes. Countersignatures are recorded and signed in the immutable merkle tree for any auditing purposes and the receipt gets issued.

Getting started

Install the package

Make sure you have access to the correct NuGet Feed.

Install the client library for .NET with NuGet:

dotnet add package Azure.Security.CodeTransparency --prerelease

Prerequisites

  • A running and accessible Code Transparency Service
  • Ability to create COSE_Sign1 envelopes, an example script
  • Your signer details (CA cert or DID issuer) have to be configured in the running service, about available configuration
  • You can get a valid Bearer token if the service authentication is configured to require one, see example

Thread safety

We guarantee that all client instance methods are thread-safe and independent of each other (guideline). This ensures that the recommendation of reusing client instances is always safe, even across threads.

Authenticate the client

You can get a valid Bearer token if the service authentication is configured to require one, see example.

Examples

There are two main use cases for this service: submitting a cose signature envelope and verifying the cryptographic submission receipt. The receipt proves that the signature file was successfully accepted.

Before submitting the cose file, the service must be configured with the relevant Certificate Authority certificate to be able to accept it.

To submit the signature, use the following code:

CodeTransparencyClient client = new(new Uri("https://<< service name >>.confidential-ledger.azure.com"), null);
FileStream fileStream = File.OpenRead("signature.cose");
BinaryData content = BinaryData.FromStream(fileStream);
Operation<GetOperationResult> operation = await client.CreateEntryAsync(content);
Response<GetOperationResult> operationResult = await operation.WaitForCompletionAsync();
Console.WriteLine($"The entry id to use to get the entry and receipt is {{{operationResult.Value.EntryId}}}");
Response<BinaryData> signatureWithReceiptResponse = await client.GetEntryAsync(operationResult.Value.EntryId, true);
BinaryData signatureWithReceipt = signatureWithReceiptResponse.Value;
byte[] signatureWithReceiptBytes = signatureWithReceipt.ToArray();

Once you have the receipt and the signature, you can verify whether the signature was actually included in the Code Transparency service by running the receipt verification logic. The verifier checks if the receipt was issued for a given signature and if the receipt signature was endorsed by the service.

CcfReceiptVerifier.RunVerification(signatureWithReceiptBytes);

If the verification completes without exception, you can trust the signature and the receipt. This allows you to safely inspect the contents of the files, especially the contents of the payload embedded in a cose signature envelope.

To learn more about other APIs, please refer to our samples.

Key concepts

Client options | Accessing the response | Long-running operations | Handling failures | Diagnostics | Mocking | Client lifetime

Troubleshooting

Response values returned from Azure confidential ledger client methods are Response objects, which contain information about the http response such as the http Status property and a Headers object containing more information about the failure.

Next steps

For more extensive documentation, see the API reference documentation. You may also read more about Microsoft Research's open-source Confidential Consortium Framework.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit [cla.microsoft.com][cla].

This project has adopted the [Microsoft Open Source Code of Conduct][coc]. For more information see the [Code of Conduct FAQ][coc_faq] or contact [opencode@microsoft.com][coc_contact] with any additional questions or comments.

Working with the source code of this library. The following just builds on the existing documentation to make it more convenient.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.0-beta.2 119 3/29/2024
1.0.0-beta.1 63 3/26/2024

https://github.com/Azure/azure-sdk-for-net/blob/Azure.Security.CodeTransparency_1.0.0-beta.2/sdk/confidentialledger/Azure.Security.CodeTransparency/CHANGELOG.md