*: Make suggested linter changes

patzielinski · patzielinski · commit 96f9f88af454 · 2025-06-06T16:00:30.000-04:00
diff --git a/cjson/canonicaljson.go b/cjson/canonicaljson.go
@@ -96,7 +96,6 @@ func encodeCanonical(obj interface{}, result *strings.Builder) (err error) {
 			if i < (len(mapKeys) - 1) {
 				result.WriteString(",")
 			}
-			i++
 		}
 		result.WriteString("}")
 
diff --git a/cjson/canonicaljson_test.go b/cjson/canonicaljson_test.go
@@ -135,7 +135,7 @@ func BenchmarkEncodeCanonical(b *testing.B) {
 	for _, v := range table {
 		b.Run(fmt.Sprintf("input_size_%d", len(v.input)), func(b *testing.B) {
 			for i := 0; i < b.N; i++ {
-				EncodeCanonical(v.input)
+				EncodeCanonical(v.input) //nolint:errcheck
 			}
 		})
 	}
diff --git a/dsse/envelope.go b/dsse/envelope.go
@@ -38,7 +38,7 @@ type Signature struct {
 }
 
 /*
-PAE implementes the DSSE Pre-Authentic Encoding
+PAE implements the DSSE Pre-Authentic Encoding
 https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition
 */
 func PAE(payloadType string, payload []byte) []byte {
diff --git a/dsse/sign.go b/dsse/sign.go
@@ -47,7 +47,7 @@ algorithms to sign the data. The threshold parameter is legacy and is ignored.
 Deprecated: This function simply calls NewEnvelopeSigner, and that function should
 be preferred.
 */
-func NewMultiEnvelopeSigner(threshold int, p ...Signer) (*EnvelopeSigner, error) {
+func NewMultiEnvelopeSigner(_ int, p ...Signer) (*EnvelopeSigner, error) {
 	return NewEnvelopeSigner(p...)
 }
 
diff --git a/dsse/sign_test.go b/dsse/sign_test.go
@@ -41,11 +41,11 @@ func TestPAE(t *testing.T) {
 
 type nilSignerVerifier int
 
-func (n nilSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (n nilSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	return data, nil
 }
 
-func (n nilSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (n nilSignerVerifier) Verify(_ context.Context, data, sig []byte) error {
 	if len(data) != len(sig) {
 		return errLength
 	}
@@ -69,11 +69,11 @@ func (n nilSignerVerifier) Public() crypto.PublicKey {
 
 type nullSignerVerifier int
 
-func (n nullSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (n nullSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	return data, nil
 }
 
-func (n nullSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (n nullSignerVerifier) Verify(_ context.Context, data, sig []byte) error {
 	if len(data) != len(sig) {
 		return errLength
 	}
@@ -97,11 +97,11 @@ func (n nullSignerVerifier) Public() crypto.PublicKey {
 
 type errsigner int
 
-func (n errsigner) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (n errsigner) Sign(_ context.Context, _ []byte) ([]byte, error) {
 	return nil, fmt.Errorf("signing error")
 }
 
-func (n errsigner) Verify(ctx context.Context, data, sig []byte) error {
+func (n errsigner) Verify(_ context.Context, _, _ []byte) error {
 	return errVerify
 }
 
@@ -118,11 +118,11 @@ type errSignerVerifier int
 var errVerify = fmt.Errorf("accepted signatures do not match threshold, Found: 0, Expected 1")
 var errThreshold = fmt.Errorf("invalid threshold")
 
-func (n errSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (n errSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	return data, nil
 }
 
-func (n errSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (n errSignerVerifier) Verify(_ context.Context, _, _ []byte) error {
 	return errVerify
 }
 
@@ -136,12 +136,11 @@ func (n errSignerVerifier) Public() crypto.PublicKey {
 
 type badverifier int
 
-func (n badverifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (n badverifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	return append(data, byte(0)), nil
 }
 
-func (n badverifier) Verify(ctx context.Context, data, sig []byte) error {
-
+func (n badverifier) Verify(_ context.Context, data, sig []byte) error {
 	if len(data) != len(sig) {
 		return errLength
 	}
@@ -186,7 +185,7 @@ func TestNilSign(t *testing.T) {
 
 	pae := PAE(payloadType, payload)
 	want := Envelope{
-		Payload:     base64.StdEncoding.EncodeToString([]byte(payload)),
+		Payload:     base64.StdEncoding.EncodeToString(payload),
 		PayloadType: payloadType,
 		Signatures: []Signature{
 			{
@@ -200,7 +199,7 @@ func TestNilSign(t *testing.T) {
 	signer, err := NewEnvelopeSigner(ns)
 	assert.Nil(t, err, "unexpected error")
 
-	got, err := signer.SignPayload(context.TODO(), payloadType, []byte(payload))
+	got, err := signer.SignPayload(context.TODO(), payloadType, payload)
 	assert.Nil(t, err, "sign failed")
 	assert.Equal(t, &want, got, "bad signature")
 }
@@ -253,7 +252,7 @@ type ecdsaSignerVerifier struct {
 	verified bool
 }
 
-func (es *ecdsaSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (es *ecdsaSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	// Data is complete message, hash it and sign the digest
 	digest := sha256.Sum256(data)
 	r, s, err := rfc6979.SignECDSA(es.key, digest[:], sha256.New)
@@ -264,12 +263,12 @@ func (es *ecdsaSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, e
 	rb := r.Bytes()
 	sb := s.Bytes()
 	es.rLen = len(rb)
-	rawSig := append(rb, sb...)
+	rawSig := append(rb, sb...) //nolint:gocritic
 
 	return rawSig, nil
 }
 
-func (es *ecdsaSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (es *ecdsaSignerVerifier) Verify(_ context.Context, data, sig []byte) error {
 	var r big.Int
 	var s big.Int
 	digest := sha256.Sum256(data)
diff --git a/dsse/verify.go b/dsse/verify.go
@@ -43,8 +43,8 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted
 	// If *any* signature is found to be incorrect, it is skipped
 	var acceptedKeys []AcceptedKey
 	usedKeyids := make(map[string]string)
-	unverified_providers := make([]Verifier, len(ev.providers))
-	copy(unverified_providers, ev.providers)
+	unverifiedProviders := make([]Verifier, len(ev.providers))
+	copy(unverifiedProviders, ev.providers)
 	for _, s := range e.Signatures {
 		sig, err := b64Decode(s.Sig)
 		if err != nil {
@@ -55,7 +55,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted
 		// If provider and signature include key IDs but do not match skip.
 		// If a provider recognizes the key, we exit
 		// the loop and use the result.
-		providers := unverified_providers
+		providers := unverifiedProviders
 		for i, v := range providers {
 			keyID, err := v.KeyID()
 
@@ -81,7 +81,7 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted
 				KeyID:  keyID,
 				Sig:    s,
 			}
-			unverified_providers = removeIndex(providers, i)
+			unverifiedProviders = removeIndex(providers, i)
 
 			// See https://github.com/in-toto/in-toto/pull/251
 			if _, ok := usedKeyids[keyID]; ok {
diff --git a/dsse/verify_test.go b/dsse/verify_test.go
@@ -23,7 +23,7 @@ type mockVerifier struct {
 	returnErr error
 }
 
-func (m *mockVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (m *mockVerifier) Verify(_ context.Context, _, _ []byte) error {
 	if m.returnErr != nil {
 		return m.returnErr
 	}
@@ -71,7 +71,6 @@ func TestVerify(t *testing.T) {
 
 	// Now verify
 	assert.Error(t, err)
-
 }
 
 func TestVerifyOneProvider(t *testing.T) {
@@ -247,11 +246,11 @@ type interceptSignerVerifier struct {
 	verifyCalled bool
 }
 
-func (i *interceptSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (i *interceptSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	return data, nil
 }
 
-func (i *interceptSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {
+func (i *interceptSignerVerifier) Verify(_ context.Context, _, _ []byte) error {
 	i.verifyCalled = true
 
 	if i.verifyRes {
diff --git a/signerverifier/ecdsa.go b/signerverifier/ecdsa.go
@@ -57,7 +57,7 @@ func NewECDSASignerVerifierFromSSLibKey(key *SSLibKey) (*ECDSASignerVerifier, er
 }
 
 // Sign creates a signature for `data`.
-func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (sv *ECDSASignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	if sv.private == nil {
 		return nil, ErrNotPrivateKey
 	}
@@ -68,7 +68,7 @@ func (sv *ECDSASignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, e
 }
 
 // Verify verifies the `sig` value passed in against `data`.
-func (sv *ECDSASignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error {
+func (sv *ECDSASignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error {
 	hashedData := getECDSAHashedData(data, sv.curveSize)
 
 	if ok := ecdsa.VerifyASN1(sv.public, hashedData, sig); !ok {
@@ -93,8 +93,7 @@ func (sv *ECDSASignerVerifier) Public() crypto.PublicKey {
 // LoadECDSAKeyFromFile returns an SSLibKey instance for an ECDSA key stored in
 // a file in the custom securesystemslib format.
 //
-// Deprecated: use LoadKey(). The custom serialization format has been
-// deprecated. Use
+// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use
 // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py
 // to convert your key.
 func LoadECDSAKeyFromFile(path string) (*SSLibKey, error) {
diff --git a/signerverifier/ed25519.go b/signerverifier/ed25519.go
@@ -57,7 +57,7 @@ func NewED25519SignerVerifierFromSSLibKey(key *SSLibKey) (*ED25519SignerVerifier
 }
 
 // Sign creates a signature for `data`.
-func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (sv *ED25519SignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	if len(sv.private) == 0 {
 		return nil, ErrNotPrivateKey
 	}
@@ -67,7 +67,7 @@ func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte,
 }
 
 // Verify verifies the `sig` value passed in against `data`.
-func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error {
+func (sv *ED25519SignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error {
 	if ok := ed25519.Verify(sv.public, data, sig); ok {
 		return nil
 	}
@@ -89,8 +89,7 @@ func (sv *ED25519SignerVerifier) Public() crypto.PublicKey {
 // LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored
 // in a file in the custom securesystemslib format.
 //
-// Deprecated: use LoadKey(). The custom serialization format has been
-// deprecated. Use
+// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use
 // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py
 // to convert your key.
 func LoadED25519KeyFromFile(path string) (*SSLibKey, error) {
diff --git a/signerverifier/rsa.go b/signerverifier/rsa.go
@@ -59,7 +59,7 @@ func NewRSAPSSSignerVerifierFromSSLibKey(key *SSLibKey) (*RSAPSSSignerVerifier,
 }
 
 // Sign creates a signature for `data`.
-func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {
+func (sv *RSAPSSSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {
 	if sv.private == nil {
 		return nil, ErrNotPrivateKey
 	}
@@ -70,7 +70,7 @@ func (sv *RSAPSSSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte,
 }
 
 // Verify verifies the `sig` value passed in against `data`.
-func (sv *RSAPSSSignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error {
+func (sv *RSAPSSSignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error {
 	hashedData := hashBeforeSigning(data, sha256.New())
 
 	if err := rsa.VerifyPSS(sv.public, crypto.SHA256, hashedData, sig, &rsa.PSSOptions{SaltLength: sha256.Size, Hash: crypto.SHA256}); err != nil {
@@ -95,8 +95,7 @@ func (sv *RSAPSSSignerVerifier) Public() crypto.PublicKey {
 // LoadRSAPSSKeyFromFile returns an SSLibKey instance for an RSA key stored in a
 // file.
 //
-// Deprecated: use LoadKey(). The custom serialization format has been
-// deprecated. Use
+// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use
 // https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py
 // to convert your key.
 func LoadRSAPSSKeyFromFile(path string) (*SSLibKey, error) {
diff --git a/signerverifier/rsa_test.go b/signerverifier/rsa_test.go
@@ -50,7 +50,7 @@ func TestLoadRSAPSSKeyFromFile(t *testing.T) {
 
 		assert.Equal(t, "4e8d20af09fcaed6c388a186427f94a5f7ff5591ec295f4aab2cff49ffe39e9b", key.KeyID)
 		assert.Equal(t, "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA04egZRic+dZMVtiQc56D\nejU4FF1q3aOkUKnD+Q4lTbj1zp6ODKJTcktupmrad68jqtMiSGG8he6ELFs377q8\nbbgEUMWgAf+06Q8oFvUSfOXzZNFI7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJX\nxxTOVS3UAIk5umO7Y7t7yXr8O/C4u78krGazCnoblcekMLJZV4O/5BloWNAe/B1c\nvZdaZUf3brD4ZZrxEtXw/tefhn1aHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN\n6+hlS6A7rJfiWpKIRHj0vh2SXLDmmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaT\nVQSgMzSxC43/2fINb2fyt8SbUHJ3Ct+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c\n2CmCxMPQG2BwmAWXaaumeJcXVPBlMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwn\nEm53T13mZzYUvbLJ0q3aljZVLIC3IZn3ZwA2yCWchBkVAgMBAAE=\n-----END PUBLIC KEY-----", key.KeyVal.Public)
-		expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----"
+		expectedPrivateKey := "-----BEGIN RSA PRIVATE KEY-----\nMIIG5AIBAAKCAYEA04egZRic+dZMVtiQc56DejU4FF1q3aOkUKnD+Q4lTbj1zp6O\nDKJTcktupmrad68jqtMiSGG8he6ELFs377q8bbgEUMWgAf+06Q8oFvUSfOXzZNFI\n7H5SMPOJY5aDWIMIEZ8DlcO7TfkA7D3iAEJXxxTOVS3UAIk5umO7Y7t7yXr8O/C4\nu78krGazCnoblcekMLJZV4O/5BloWNAe/B1cvZdaZUf3brD4ZZrxEtXw/tefhn1a\nHsSUajVW2wwjSpKhqj7Z0XS3bDS3T95/3xsN6+hlS6A7rJfiWpKIRHj0vh2SXLDm\nmhQl1In8TD/aiycTUyWcBRHVPlYFgYPt6SaTVQSgMzSxC43/2fINb2fyt8SbUHJ3\nCt+mzRzd/1AQikWhBdstJLxInewzjYE/sb+c2CmCxMPQG2BwmAWXaaumeJcXVPBl\nMgAcjMatM8bPByTbXpKDnQslOE7g/gswDIwnEm53T13mZzYUvbLJ0q3aljZVLIC3\nIZn3ZwA2yCWchBkVAgMBAAECggGAKswAeCPMMsIYTOPhCftyt2mIEJq78d7Xclh+\npWemxXxcAzNSIx0+i9vWJcZtsBRXv4qbH5DiryhMRpsoDJE36Wz3No5darodFKAz\n6L0pwepWXbn4Kpz+LRhA3kzIA0LzgXkuJQFmZoawGJwGmy3RC57ahiJRB9C7xMnD\n0pBOobuHx+rSvW2VUmou5DpDVYEAZ7fV2p511wUK9xkYg8K/Dj7Ok7pFRfh5MTlx\nd/GgIjdm97Np5dq4+moTShtBEqfqviv1OfDa32DISAOcEKiC2jg0O96khDz2YjK4\n0HAbWrGjVB1v+/kWKTWJ6/ddLb+Dk77KKeZ4pSPKYeUM7jXlyVikntmFTw4CXFvk\n2QqOfJyBxAxcx4eB/n6j1mqIvqL6TjloXn/Bhc/65Fr5een3hLbRnhtNxXBURwVo\nYYJwLw7tZOMKqt51qbKU2XqaII7iVHGPaeDUYs4PaBSSW/E1FFAZbId1GSe4+mDi\nJipxs4M6S9N9FPgTmZlgQ/0j6VMhAoHBANrygq2IsgRjczVO+FhOAmmP6xjbcoII\n582JTunwb8Yf4KJR8DM295LRcafk9Ns4l3QF/rESK8mZAbMUsjKlD4WcE2QTOEoQ\nQBV+lJLDyYeAhmq2684dqaIGA5jEW0GcfDpj42Hhy/qiy1PWTe/O1aFaLaYV0bXL\nPN1CTGpc+DdRh5lX7ftoTS/Do0U9Of30s00Bm9AV0LLoyH5WmXpGWatOYBHHwomi\n08vMsbJelgFzDQPRjHfpj7+EZh1wdqe8cQKBwQD3U8QP7ZatB5ymMLsefm/I6Uor\nwz5SqMyiz+u/Fc+4Ii8SwLsVQw+IoZyxofkKTbMESrgQhLbzC59eRbUcF7GZ+lZQ\nw6gG/+YLvx9MYcEVGeruyPmlYFp6g+vN/qEiPs1oZej8r1XjNj228XdTMAJ2qTbZ\nGVyhEMMbBgd5FFxEqueD5/EILT6xj9BxvQ1m2IFbVIkXfOrhdwEk+RcbXDA0n+rS\nkhBajWQ3eVQGY2hWnYB+1fmumYFs8hAaMAJlCOUCgcBCvi6Ly+HIaLCUDZCzCoS9\nvTuDhlHvxdsz0qmVss+/67PEh4nbcuQhg2tMLQVfVm8E1VcAj3N9rwDPoH155stG\nhX97wEgme7GtW7rayohCoDFZko1rdatiUscB6MmQxK0x94U3L2fI7Zth4TA87CY/\nW4gS2w/khSH2qOE2g0S/SEE3w5AuVWtCJjc9Qh7NhayqytS+qAfIoiGMMcXzekKX\nb/rlMKni3xoFRE7e+uprYrES+uwBGdfSIAAo9UGWfGECgcEA8pCJ4qE+vJaRkQCM\nFD0mvyHl54PGFOWORUOsTy1CGrIT/s1c7l5l1rfB6QkVKYDIyLXLThALKdVFSP0O\nwe2O9pfpna42lh7VbMHWHWBmMJ7JpcUf6ozUUAIf+1j2iZKUfAYu+duwXXWuE0VA\npSqZz+znaQaRrTm2UEOagqpwT7xZ8SlCYKWXLigA4/vpL+u4+myvQ4T1C4leaveN\nLP0+He6VLE2qklTHbAynVtiZ1REFm9+Z0B6nK8U/+58ISjTtAoHBALgqMopFIOMw\nAhhasnrL3Pzxf0WKzKmj/y2yEP0Vctm0muqxFnFwPwyOAd6HODJOSiFPD5VN4jvC\n+Yw96Qn29kHGXTKgL1J9cSL8z6Qzlc+UYCdSwmaZK5r36+NBTJgvKY9KrpkXCkSa\nc5YgIYtXMitmq9NmNvcSJWmuuiept3HFlwkU3pfmwzKNEeqi2jmuIOqI2zCOqX67\nI+YQsJgrHE0TmYxxRkgeYUy7s5DoHE25rfvdy5Lx+xAOH8ZgD1SGOw==\n-----END RSA PRIVATE KEY-----" //nolint:gosec
 		assert.Equal(t, expectedPrivateKey, key.KeyVal.Private)
 		assert.Equal(t, RSAKeyScheme, key.Scheme)
 		assert.Equal(t, RSAKeyType, key.KeyType)
diff --git a/signerverifier/utils_test.go b/signerverifier/utils_test.go

Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,6 @@ func encodeCanonical(obj interface{}, result *strings.Builder) (err error) {`
`96`	`96`	`if i < (len(mapKeys) - 1) {`
`97`	`97`	`result.WriteString(",")`
`98`	`98`	`}`
`99`		`- i++`
`100`	`99`	`}`
`101`	`100`	`result.WriteString("}")`
`102`	`101`
Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ func BenchmarkEncodeCanonical(b *testing.B) {`
`135`	`135`	`for _, v := range table {`
`136`	`136`	`b.Run(fmt.Sprintf("input_size_%d", len(v.input)), func(b *testing.B) {`
`137`	`137`	`for i := 0; i < b.N; i++ {`
`138`		`- EncodeCanonical(v.input)`
	`138`	`+ EncodeCanonical(v.input) //nolint:errcheck`
`139`	`139`	`}`
`140`	`140`	`})`
`141`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ type Signature struct {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`/*`
`41`		`-PAE implementes the DSSE Pre-Authentic Encoding`
	`41`	`+PAE implements the DSSE Pre-Authentic Encoding`
`42`	`42`	`https://github.com/secure-systems-lab/dsse/blob/master/protocol.md#signature-definition`
`43`	`43`	`*/`
`44`	`44`	`func PAE(payloadType string, payload []byte) []byte {`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ algorithms to sign the data. The threshold parameter is legacy and is ignored.`
`47`	`47`	`Deprecated: This function simply calls NewEnvelopeSigner, and that function should`
`48`	`48`	`be preferred.`
`49`	`49`	`*/`
`50`		`-func NewMultiEnvelopeSigner(threshold int, p ...Signer) (*EnvelopeSigner, error) {`
	`50`	`+func NewMultiEnvelopeSigner(_ int, p ...Signer) (*EnvelopeSigner, error) {`
`51`	`51`	`return NewEnvelopeSigner(p...)`
`52`	`52`	`}`
`53`	`53`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ type mockVerifier struct {`
`23`	`23`	`returnErr error`
`24`	`24`	`}`
`25`	`25`
`26`		`-func (m *mockVerifier) Verify(ctx context.Context, data, sig []byte) error {`
	`26`	`+func (m *mockVerifier) Verify(_ context.Context, _, _ []byte) error {`
`27`	`27`	`if m.returnErr != nil {`
`28`	`28`	`return m.returnErr`
`29`	`29`	`}`
`@@ -71,7 +71,6 @@ func TestVerify(t *testing.T) {`
`71`	`71`
`72`	`72`	`// Now verify`
`73`	`73`	`assert.Error(t, err)`
`74`		`-`
`75`	`74`	`}`
`76`	`75`
`77`	`76`	`func TestVerifyOneProvider(t *testing.T) {`
`@@ -247,11 +246,11 @@ type interceptSignerVerifier struct {`
`247`	`246`	`verifyCalled bool`
`248`	`247`	`}`
`249`	`248`
`250`		`-func (i *interceptSignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {`
	`249`	`+func (i *interceptSignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {`
`251`	`250`	`return data, nil`
`252`	`251`	`}`
`253`	`252`
`254`		`-func (i *interceptSignerVerifier) Verify(ctx context.Context, data, sig []byte) error {`
	`253`	`+func (i *interceptSignerVerifier) Verify(_ context.Context, _, _ []byte) error {`
`255`	`254`	`i.verifyCalled = true`
`256`	`255`
`257`	`256`	`if i.verifyRes {`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ func NewED25519SignerVerifierFromSSLibKey(key SSLibKey) (ED25519SignerVerifier`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	// Sign creates a signature for `data`.
`60`		`-func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte, error) {`
	`60`	`+func (sv *ED25519SignerVerifier) Sign(_ context.Context, data []byte) ([]byte, error) {`
`61`	`61`	`if len(sv.private) == 0 {`
`62`	`62`	`return nil, ErrNotPrivateKey`
`63`	`63`	`}`
`@@ -67,7 +67,7 @@ func (sv *ED25519SignerVerifier) Sign(ctx context.Context, data []byte) ([]byte,`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	// Verify verifies the `sig` value passed in against `data`.
`70`		`-func (sv *ED25519SignerVerifier) Verify(ctx context.Context, data []byte, sig []byte) error {`
	`70`	`+func (sv *ED25519SignerVerifier) Verify(_ context.Context, data []byte, sig []byte) error {`
`71`	`71`	`if ok := ed25519.Verify(sv.public, data, sig); ok {`
`72`	`72`	`return nil`
`73`	`73`	`}`
`@@ -89,8 +89,7 @@ func (sv *ED25519SignerVerifier) Public() crypto.PublicKey {`
`89`	`89`	`// LoadED25519KeyFromFile returns an SSLibKey instance for an ED25519 key stored`
`90`	`90`	`// in a file in the custom securesystemslib format.`
`91`	`91`	`//`
`92`		`-// Deprecated: use LoadKey(). The custom serialization format has been`
`93`		`-// deprecated. Use`
	`92`	`+// Deprecated: use LoadKey(). The custom serialization format is deprecated. Use`
`94`	`93`	`// https://github.com/secure-systems-lab/securesystemslib/blob/main/docs/migrate_key.py`
`95`	`94`	`// to convert your key.`
`96`	`95`	`func LoadED25519KeyFromFile(path string) (*SSLibKey, error) {`