Skip to content

Latest commit

 

History

History
21 lines (18 loc) · 523 Bytes

README.md

File metadata and controls

21 lines (18 loc) · 523 Bytes
Raw

This example shows how to verify a blob, using a bundle that was created by the cosign sign-blob command.

Create the artifact to be signed.

cd examples/cosign/verify-bundle
echo something > artifact.txt

Sign the artifact.txt file using cosign

cosign sign-blob --bundle=artifact.bundle artifact.txt

Verify using sigstore-rs:

cargo run --example verify-bundle -- \
    --rekor-pub-key ~/.sigstore/root/targets/rekor.pub \
    --bundle artifact.bundle \
    artifact.txt