Sigstore signature verification
This crate provides the main entry point for verifying Sigstore signatures.
Example
use sigstore_verify::{verify_with_trusted_root, VerificationPolicy};
use sigstore_trust_root::TrustedRoot;
use sigstore_types::Bundle;
# fn example() -> Result<(), Box<dyn std::error::Error>> {
// Trust anchor for the whole check: everything below is verified against this root.
// NOTE(review): presumably the trust material of the public Sigstore instance;
// how it is obtained and refreshed is not visible here, so confirm.
let root = TrustedRoot::production()?;

// The bundle and the artifact are both untrusted input until verification succeeds.
let bundle_text = std::fs::read_to_string("artifact.sigstore.json")?;
let parsed_bundle = Bundle::from_json(&bundle_text)?;
let artifact_bytes = std::fs::read("artifact.txt")?;

// Pin both the signer identity and the OIDC issuer that vouched for it.
// An identity string only means something relative to the provider that asserted it,
// so the two requirements belong together.
// NOTE(review): what an unpinned `VerificationPolicy::default()` accepts is not shown
// here; confirm before relaxing either requirement.
let expected_signer = VerificationPolicy::default()
    .require_identity("user@example.com")
    .require_issuer("https://accounts.google.com");

// `?` propagates any error returned by the verifier.
let outcome = verify_with_trusted_root(
    &artifact_bytes,
    &parsed_bundle,
    &expected_signer,
    &root,
)?;

// The result also carries an explicit `success` flag, so check it as well as `Ok`.
// NOTE(review): whether `Ok` with `success == false` can occur is not visible here.
assert!(outcome.success);
# Ok(())
# }