-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keyless verify-blob? #676
Comments
The design doc should be public! You just have to join [email protected] I think... It looks like this is missing from the docs, but there's a "-cert" flag you need to pass to verify a blob using the "keyless" flow right now (when you initially sign an object, you get a certificate from Fulcio, unfortunately you need to remember that certificate somewhere today). That cert can be looked up from Rekor if you only have the artifact, so we can automate/document this too. |
verify-blob takes one of pubkey, cert or sk Signed-off-by: Radoslav Gerganov <[email protected]>
verify-blob takes one of pubkey, cert or sk Signed-off-by: Radoslav Gerganov <[email protected]>
Hey @dlorenc is there any plan to automate looking up the cert using rekor when running |
I think we should do it! I don't have a plan to personally (just a bandwidth thing) but we can definitely help if someone wants to try and get it merged! |
Question
I am able to keyless sign a blog with:
But I can't verify it, as it asks for a
-key
or-sk
.Also, it does not create the output file if I use something like:
Is it something planned to work in the future?
If not, maybe we shouldn't allow keyless signing a blob?
Maybe its just me doing something wrong? I don't see any mentions to blob in the KEYLESS.md file... and seems like the full design doc is not public, so I'm not sure 🤔
The text was updated successfully, but these errors were encountered: