
sigstore_verify/
lib.rs

1//! Sigstore signature verification
2//!
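3//! This crate provides the main entry point for verifying Sigstore signatures: [`verify`] checks an artifact against a bundle, a [`VerificationPolicy`] and a trusted root. The identity and issuer requirements set on the policy are what tie a valid signature to the signer you expect, so set them explicitly as in the example below.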
4//!
5//! # Example
6//!
7//! ```no_run
8//! use sigstore_verify::{verify, VerificationPolicy};
9//! use sigstore_trust_root::TrustedRoot;
10//! use sigstore_types::Bundle;
11//!
12//! # fn example() -> Result<(), Box<dyn std::error::Error>> {
13//! let trusted_root = TrustedRoot::production()?;
14//! let bundle_json = std::fs::read_to_string("artifact.sigstore.json")?;
15//! let bundle = Bundle::from_json(&bundle_json)?;
16//! let artifact = std::fs::read("artifact.txt")?;
17//!
18//! let policy = VerificationPolicy::default()
19//!     .require_identity("user@example.com")
20//!     .require_issuer("https://accounts.google.com");
21//!
22//! let result = verify(&artifact, &bundle, &policy, &trusted_root)?;
23//! assert!(result.success);
24//! # Ok(())
25//! # }
26//! ```
27
28pub mod error;
29mod verify;
30
31// Private submodules for verification logic
32mod verify_impl;
33
34// Re-export the component crates, under short aliases, so users can reach the core types they need
35pub use sigstore_bundle as bundle;
36pub use sigstore_crypto as crypto;
37pub use sigstore_rekor as rekor;
38pub use sigstore_trust_root as trust_root;
39pub use sigstore_tsa as tsa;
40pub use sigstore_types as types;
41
42pub use error::{Error, Result};
43pub use verify::{
44    verify, verify_with_key, VerificationPolicy, VerificationResult, Verifier,
45    DEFAULT_CLOCK_SKEW_SECONDS,
46};