Cryptographic Signature

A cryptographic signature over a message or its headers, asserting origin and integrity.

Structure

Subclass of: gmeow:InformationObject

Use gmeow:CryptographicSignature as a specialized kind of gmeow:InformationObject. Add statement metadata or a standpoint when the assertion needs provenance, confidence, or vantage.

These snippets are generated from canonical slice examples and trimmed to the Turtle blocks where this term appears.

Source: slices/core/attestation/examples/software-release.ttl
Examples catalog: open in catalog#example-slices-core-attestation-examples-software-release

ex:sig a gmeow:CryptographicSignature ;
    gmeow:signatureAlgorithm "ecdsa-p256" ;
    gmeow:signedBy           ex:ciSystem .

Profile	External Targets
`intoto`	`https`

Generated from the canonical mapping DSL. SSSOM files are the generated public interchange form for term equivalences.

Source	Kind	Profile	Predicate/Relation	Target	Evidence
`gmeow:CryptographicSignature`	projection	`intoto`	projects to / <=	https://in-toto.io/Statement/v1#signature	`gmeow:mapInTotoSignature`; confidence 0.6; lossy: signature bytes, algorithm, signed-by identity

Use to model a signature over any artifact — a message, document, or headers — asserting its origin and integrity; the generic parent of PGP and S/MIME signatures, signing more than mail.

Avoid for the key itself (that is gmeow:CryptographicKey) and for the dated identity↔key attestation (gmeow:Certification); a signature is the signing act's product, not the key or the binding. Use a subclass (gmeow:PGPSignature, gmeow:SMIMESignature) when the scheme is known.

Type the signature (or a scheme subclass), bind gmeow:signingKey and gmeow:signedBy, record gmeow:signatureAlgorithm and the gmeow:verificationStatus outcome, and let an email extension carry the wire-auth half (DKIM, Authentication-Results).