Available on crate feature cosign only.
Structs providing cosign verification capabilities
The focus of this crate is to provide the verification capabilities of cosign, not the signing ones.
Sigstore verification can be done using sigstore::cosign::Client.
Instances of this struct can be created via the sigstore::cosign::ClientBuilder.
§What is currently supported
The crate implements the following verification mechanisms:
- Verify using a given key
- Verify bundle produced by transparency log (Rekor)
- Verify signature produced in keyless mode, using Fulcio Web-PKI
Signature annotations and certificate email can be provided at verification time.
§Unit testing inside of your own libraries
In case you want to mock sigstore interactions inside of your own code, you can implement the CosignCapabilities trait inside of your test suite.
Re-exports§
pub use signature_layers::SignatureLayer;
pub use self::client::Client;
pub use self::client_builder::ClientBuilder;
pub use self::constraint::Constraint;
pub use self::constraint::SignConstraintRefVec;
pub use payload::simple_signing;
Modules§
- bundle
- client
- client_builder
- constraint: Structs that can be used to add constraints to crate::cosign::SignatureLayer with special business logic.
- payload: This module defines different kinds of payload to be signed in cosign. Now it supports:
- signature_layers
- verification_constraint: Structs that can be used to verify crate::cosign::SignatureLayer with special business logic.
Traits§
- CosignCapabilities: Cosign Abilities that have to be implemented by a Cosign client
Functions§
- apply_constraints: Given a SignatureLayer, apply all the constraints to that.
- verify_constraints: Given a list of trusted SignatureLayer, find all the constraints that aren’t satisfied by the layers.