Crate sigstore_verify

Sigstore signature verification

This crate provides the main entry point for verifying Sigstore signatures.

§Example

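use sigstore_trust_root::TrustedRoot;
use sigstore_types::Bundle;
use sigstore_verify::{verify, VerificationPolicy};

// Box<dyn Error> assumes each crate's error type implements std::error::Error.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Load the trusted root for the production Sigstore instance.
    let trusted_root = TrustedRoot::production()?;

    // Read the bundle that accompanies the artifact, then the artifact bytes.
    let bundle_json = std::fs::read_to_string("artifact.sigstore.json")?;
    let bundle = Bundle::from_json(&bundle_json)?;
    let artifact = std::fs::read("artifact.txt")?;

    // Pin both the expected signer identity and the OIDC issuer.
    let policy = VerificationPolicy::default()
        .require_identity("user@example.com")
        .require_issuer("https://accounts.google.com");

    // Errors propagate through `?`; the success flag is checked as well.
    let result = verify(&artifact, &bundle, &policy, &trusted_root)?;
    assert!(result.success);
    Ok(())
}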

Re-exports§

pub use error::Error;
pub use error::Result;
pub use sigstore_bundle as bundle;
pub use sigstore_crypto as crypto;
pub use sigstore_rekor as rekor;
pub use sigstore_trust_root as trust_root;
pub use sigstore_tsa as tsa;
pub use sigstore_types as types;

Modules§

error: Error types for sigstore-verify

Structs§

VerificationPolicy: Policy for verifying signatures
VerificationResult: Result of verification
Verifier: A verifier for Sigstore signatures

Constants§

DEFAULT_CLOCK_SKEW_SECONDS: Default clock skew tolerance in seconds (60 seconds = 1 minute)

Functions§

verify: Convenience function to verify an artifact against a bundle
verify_with_key: Verify an artifact against a bundle using a provided public key