Google App Engine's Go runtime has a SignBytes function, a PublicCertificates function, and a Certificate structure.
func SignBytes

```go
func SignBytes(c Context, bytes []byte) (keyName string, signature []byte, err error)
```

SignBytes signs bytes using a private key unique to your application.

func PublicCertificates

```go
func PublicCertificates(c Context) ([]Certificate, error)
```

PublicCertificates retrieves the public certificates for the app. They can be used to verify a signature returned by SignBytes.

type Certificate

```go
type Certificate struct {
	KeyName string
	Data    []byte // PEM-encoded X.509 certificate
}
```

Certificate represents a public certificate for the app.
It's clear that the application is expected to iterate through the public certificates to verify the signature. But it is not clear how the signature is generated or verified. Go's rsa package has two functions to verify signatures, VerifyPKCS1v15 and VerifyPSS, and each of those functions takes a crypto.Hash identifier as a parameter. Currently, there are 15 different hash identifiers (e.g., crypto.MD5, crypto.SHA256) giving 2x15=30 combinations of verification function and hash identifier.
How is the signature produced by SignBytes verified?
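An added example (not from the App Engine docs or SDK) showing the verification path these three APIs imply: match the KeyName returned by SignBytes against PublicCertificates, parse the PEM certificate, and verify with one pinned scheme and hash. It assumes, as an unconfirmed assumption here, the pairing rsa.VerifyPKCS1v15 with crypto.SHA256 passed in explicitly, and uses a constructed self-signed certificate in place of the real PublicCertificates output.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New() works
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)
// Certificate mirrors the App Engine type on this page.
type Certificate struct {
	KeyName string
	Data    []byte // PEM-encoded X.509 certificate
}

// VerifyAppSignature finds the certificate whose KeyName matches the keyName returned by
// SignBytes and checks sig as an RSA PKCS#1 v1.5 signature over hash(data) (assumed pairing).
// The caller pins one scheme/hash pair; a verifier must not try combinations until one fits.
func VerifyAppSignature(certs []Certificate, keyName string, data, sig []byte, hash crypto.Hash) error {
	for _, c := range certs {
		if c.KeyName != keyName {
			continue
		}
		block, _ := pem.Decode(c.Data)
		if block == nil || block.Type != "CERTIFICATE" {
			return fmt.Errorf("key %q: not a PEM CERTIFICATE", keyName)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return err
		}
		pub, ok := cert.PublicKey.(*rsa.PublicKey)
		if !ok || !hash.Available() {
			return fmt.Errorf("key %q: unsupported key type or hash", keyName)
		}
		h := hash.New()
		h.Write(data)
		return rsa.VerifyPKCS1v15(pub, hash, h.Sum(nil), sig)
	}
	return fmt.Errorf("no certificate named %q", keyName)
}
// selfSignedCert is a constructed stand-in for PublicCertificates, not App Engine output.
func selfSignedCert(keyName string) (Certificate, *rsa.PrivateKey) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return Certificate{keyName, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, priv
}
```

A wrong hash, a tampered message or an unknown key name all return a non-nil error, so callers should treat any error as a failed verification rather than retrying with another combination.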