pub fn verify_detached(
bytes: &[u8],
signature_b64: &str,
public_key_b64: &str,
) -> Result<(), BundleError>Expand description
Verify a detached ed25519 signature over raw bytes against a
base64-encoded 32-byte public key and base64-encoded 64-byte
signature. Used to authenticate documents that aren’t manifests (e.g.
the refreshable model catalog in car-inference): the source signs
the exact file bytes, so no canonicalization is needed.