pub fn verify<R: Read>(
data: &mut R,
armored_sig: &str,
signer_identity: &str,
namespace: &str,
allowed: &AllowedSigners,
) -> Result<Verified, GitwayError>Expand description
Verifies that armored_sig is a valid SSHSIG over the bytes read from
data, in namespace, and that allowed authorizes signer_identity
to sign with the embedded public key.
This is the full ssh-keygen -Y verify equivalent: three independent
checks — cryptographic signature, namespace match, and principal
authorization.
§Errors
Returns GitwayError::signature_invalid on any failed check.