diff --git a/internal/pkg/cosign/ephemeral/signer_test.go b/internal/pkg/cosign/ephemeral/signer_test.go
index 3c7757b0dcd..b51721731cb 100644
--- a/internal/pkg/cosign/ephemeral/signer_test.go
+++ b/internal/pkg/cosign/ephemeral/signer_test.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "strings"
 "testing"
@@ -43,14 +42,9 @@ func TestEphemeralSigner(t *testing.T) {
 t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
 }
- b64Sig, err := ociSig.Base64Signature()
+ sig, err := ociSig.Signature()
 if err != nil {
- t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
- }
-
- sig, err := base64.StdEncoding.DecodeString(b64Sig)
- if err != nil {
- t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
+ t.Fatalf("ociSig.Signature() returned error: %v", err)
 }
 err = verifier.VerifySignature(bytes.NewReader(sig), strings.NewReader(testPayload))
diff --git a/internal/pkg/cosign/fulcio/signer_test.go b/internal/pkg/cosign/fulcio/signer_test.go
index 8a9a8bbb435..5bac26fb87b 100644
--- a/internal/pkg/cosign/fulcio/signer_test.go
+++ b/internal/pkg/cosign/fulcio/signer_test.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "strings"
 "testing"
@@ -112,13 +111,9 @@ func TestSigner(t *testing.T) {
 if err != nil {
 t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
 }
- b64Sig, err := ociSig.Base64Signature()
+ sig, err := ociSig.Signature()
 if err != nil {
- t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
- }
- sig, err := base64.StdEncoding.DecodeString(b64Sig)
- if err != nil {
- t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
+ t.Fatalf("ociSig.Signature() returned error: %v", err)
 }
 gotPayload, err := ociSig.Payload()
 if err != nil {
diff --git a/internal/pkg/cosign/payload/signer_test.go b/internal/pkg/cosign/payload/signer_test.go
index a9f0ff7ea0c..d2ccf7dcb24 100644
--- a/internal/pkg/cosign/payload/signer_test.go
+++ b/internal/pkg/cosign/payload/signer_test.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "strings"
 "testing"
@@ -54,14 +53,9 @@ func TestSigner(t *testing.T) {
 t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
 }
- b64Sig, err := ociSig.Base64Signature()
+ sig, err := ociSig.Signature()
 if err != nil {
- t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
- }
-
- sig, err := base64.StdEncoding.DecodeString(b64Sig)
- if err != nil {
- t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
+ t.Fatalf("ociSig.Signature() returned error: %v", err)
 }
 gotPayload, err := ociSig.Payload()
diff --git a/internal/pkg/cosign/rekor/signer_test.go b/internal/pkg/cosign/rekor/signer_test.go
index 05a3fbb2ae3..5f3dfa02351 100644
--- a/internal/pkg/cosign/rekor/signer_test.go
+++ b/internal/pkg/cosign/rekor/signer_test.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "strings"
 "testing"
@@ -71,13 +70,9 @@ func TestSigner(t *testing.T) {
 if err != nil {
 t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
 }
- b64Sig, err := ociSig.Base64Signature()
+ sig, err := ociSig.Signature()
 if err != nil {
- t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
- }
- sig, err := base64.StdEncoding.DecodeString(b64Sig)
- if err != nil {
- t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
+ t.Fatalf("ociSig.Signature() returned error: %v", err)
 }
 gotPayload, err := ociSig.Payload()
 if err != nil {
diff --git a/internal/pkg/cosign/tsa/signer.go b/internal/pkg/cosign/tsa/signer.go
index 4739463d76a..10ac6fd748c 100644
--- a/internal/pkg/cosign/tsa/signer.go
+++ b/internal/pkg/cosign/tsa/signer.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "fmt"
 "io"
 "os"
@@ -81,13 +80,8 @@ func (rs *signerWrapper) Sign(ctx context.Context, payload io.Reader) (oci.Signa
 return nil, nil, err
 }
- b64Sig, err := sig.Base64Signature()
- if err != nil {
- return nil, nil, err
- }
-
 // create timestamp over raw bytes of signature
- rawSig, err := base64.StdEncoding.DecodeString(b64Sig)
+ rawSig, err := sig.Signature()
 if err != nil {
 return nil, nil, err
 }
diff --git a/internal/pkg/cosign/tsa/signer_test.go b/internal/pkg/cosign/tsa/signer_test.go
index 6d072dfb599..4cb136b5de6 100644
--- a/internal/pkg/cosign/tsa/signer_test.go
+++ b/internal/pkg/cosign/tsa/signer_test.go
@@ -18,7 +18,6 @@ import (
 "bytes"
 "context"
 "crypto"
- "encoding/base64"
 "strings"
 "testing"
 "time"
@@ -65,13 +64,9 @@ func TestSigner(t *testing.T) {
 if err != nil {
 t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
 }
- b64Sig, err := ociSig.Base64Signature()
+ sig, err := ociSig.Signature()
 if err != nil {
- t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
- }
- sig, err := base64.StdEncoding.DecodeString(b64Sig)
- if err != nil {
- t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
+ t.Fatalf("ociSig.Signature() returned error: %v", err)
 }
 gotPayload, err := ociSig.Payload()
 if err != nil {
diff --git a/pkg/oci/internal/signature/layer.go b/pkg/oci/internal/signature/layer.go
index ea86d61266a..251d3edc09d 100644
--- a/pkg/oci/internal/signature/layer.go
+++ b/pkg/oci/internal/signature/layer.go
@@ -17,6 +17,7 @@ package signature
 import (
 "crypto/x509"
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -69,6 +70,15 @@ func (s *sigLayer) Payload() ([]byte, error) {
 return payload, nil
 }
+// Signature implements oci.Signature
+func (s *sigLayer) Signature() ([]byte, error) {
+ b64sig, err := s.Base64Signature()
+ if err != nil {
+ return nil, err
+ }
+ return base64.StdEncoding.DecodeString(b64sig)
+}
+
 // Base64Signature implements oci.Signature
 func (s *sigLayer) Base64Signature() (string, error) {
 b64sig, ok := s.desc.Annotations[sigkey]
diff --git a/pkg/oci/mutate/signature.go b/pkg/oci/mutate/signature.go
index 3848803300e..657086fbcc8 100644
--- a/pkg/oci/mutate/signature.go
+++ b/pkg/oci/mutate/signature.go
@@ -64,6 +64,11 @@ func (sw *sigWrapper) Payload() ([]byte, error) {
 return sw.wrapped.Payload()
 }
+// Signature implements oci.Signature
+func (sw *sigWrapper) Signature() ([]byte, error) {
+ return sw.wrapped.Signature()
+}
+
 // Base64Signature implements oci.Signature.
 func (sw *sigWrapper) Base64Signature() (string, error) {
 return sw.wrapped.Base64Signature()
diff --git a/pkg/oci/signature/layer.go b/pkg/oci/signature/layer.go
index ea86d61266a..251d3edc09d 100644
--- a/pkg/oci/signature/layer.go
+++ b/pkg/oci/signature/layer.go
@@ -17,6 +17,7 @@ package signature
 import (
 "crypto/x509"
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "io"
@@ -69,6 +70,15 @@ func (s *sigLayer) Payload() ([]byte, error) {
 return payload, nil
 }
+// Signature implements oci.Signature
+func (s *sigLayer) Signature() ([]byte, error) {
+ b64sig, err := s.Base64Signature()
+ if err != nil {
+ return nil, err
+ }
+ return base64.StdEncoding.DecodeString(b64sig)
+}
+
 // Base64Signature implements oci.Signature
 func (s *sigLayer) Base64Signature() (string, error) {
 b64sig, ok := s.desc.Annotations[sigkey]
diff --git a/pkg/oci/signatures.go b/pkg/oci/signatures.go
index f8ca30f7039..32f2f890c03 100644
--- a/pkg/oci/signatures.go
+++ b/pkg/oci/signatures.go
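Review bot: In pkg/oci/internal/signature/layer.go the new `sigLayer.Signature()` returns the `base64.StdEncoding.DecodeString` error bare, so a malformed signature annotation (presumably supplied by whatever registry served the descriptor) surfaces only as `illegal base64 data at input byte N`, with nothing naming the field that failed. `fmt` is already imported in this file, so the decode can be wrapped: `sig, err := base64.StdEncoding.DecodeString(b64sig)` and, on error, `return nil, fmt.Errorf("decoding base64 signature: %w", err)`. The same bare return appears in the identical hunk for pkg/oci/signature/layer.go and in `staticLayer.Signature()` in pkg/oci/static/signature.go. None of the test hunks visible in this diff feed a malformed value through `Signature()`, so a negative test case for that path would be worth adding.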
@@ -42,6 +42,11 @@ type Signature interface {
 // This will always return data when there is no error.
 Payload() ([]byte, error)
+ // Signature fetches the raw signature
+ // of the payload. This will always return data when
+ // there is no error.
+ Signature() ([]byte, error)
+
 // Base64Signature fetches the base64 encoded signature
 // of the payload. This will always return data when
 // there is no error.
diff --git a/pkg/oci/static/signature.go b/pkg/oci/static/signature.go
index c766d841baa..406386347f2 100644
--- a/pkg/oci/static/signature.go
+++ b/pkg/oci/static/signature.go
@@ -18,6 +18,7 @@ package static
 import (
 "bytes"
 "crypto/x509"
+ "encoding/base64"
 "io"
 v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -138,6 +139,15 @@ func (l *staticLayer) Payload() ([]byte, error) {
 return l.b, nil
 }
+// Signature implements oci.Signature
+func (l *staticLayer) Signature() ([]byte, error) {
+ b64sig, err := l.Base64Signature()
+ if err != nil {
+ return nil, err
+ }
+ return base64.StdEncoding.DecodeString(b64sig)
+}
+
 // Base64Signature implements oci.Signature
 func (l *staticLayer) Base64Signature() (string, error) {
 return l.b64sig, nil
diff --git a/pkg/policy/attestation_test.go b/pkg/policy/attestation_test.go
index 0da6e92e448..4d85fbcf163 100644
--- a/pkg/policy/attestation_test.go
+++ b/pkg/policy/attestation_test.go
@@ -43,6 +43,9 @@ func (fa *failingAttestation) Payload() ([]byte, error) {
 func (fa *failingAttestation) Annotations() (map[string]string, error) {
 return nil, fmt.Errorf("unimplemented")
 }
+func (fa *failingAttestation) Signature() ([]byte, error) {
+ return nil, fmt.Errorf("unimplemented")
+}
 func (fa *failingAttestation) Base64Signature() (string, error) {
 return "", fmt.Errorf("unimplemented")
 }
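Review bot: The doc comment added for `Signature()` on the `oci.Signature` interface in pkg/oci/signatures.go promises "This will always return data when there is no error", but the implementations in this commit decode whatever `Base64Signature()` returns, and `base64.StdEncoding.DecodeString("")` yields a zero-length slice with a nil error. `staticLayer.Base64Signature()` returns `l.b64sig` unconditionally, so an empty stored value would break that promise there; `sigLayer.Base64Signature()` continues outside its hunk, so whether it rejects an empty annotation cannot be seen here. Either document the contract as it stands, for example `// Signature fetches the raw (base64-decoded) signature bytes of the payload.` followed by a sentence that callers must treat a zero-length result as invalid, or make the implementations return an error on empty input. Adding a method to this exported interface also breaks any out-of-tree type that implements it, which is worth calling out in the release notes.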