Add example of openssl signing. (#554)

Signed-off-by: Dan Lorenc <dlorenc@google.com>

EXAMPLES.md

@@ -24,3 +24,25 @@ $ gcloud kms keys versions get-public-key 1 --key=foo --keyring=foo --location=u
 # Verify in openssl
 $ openssl dgst -sha256 -verify pubkey.pem -signature gcpkms.sig payload
 ```
+## Sign With OpenSSL, Verify With Cosign
+
+```shell
+# Generate a keypair
+$ openssl ecparam -name prime256v1 -genkey -noout -out openssl.key
+$ openssl ec -in openssl.key -pubout -out openssl.pub
+# Generate the payload to be signed
+$ cosign generate us.gcr.io/dlorenc-vmtest2/demo > payload.json
+# Sign it and convert to base64
+$ openssl dgst -sha256 -sign openssl.key -out payload.sig payload.json
+$ cat payload.sig | base64 > payloadbase64.sig
+# Upload the signature
+$ cosign attach signature -payload payload.json -signature payloadbase64.sig  us.gcr.io/dlorenc-vmtest2/demo
+# Verify!
+$ cosign verify -key openssl.pub us.gcr.io/dlorenc-vmtest2/demo
+Verification for us.gcr.io/dlorenc-vmtest2/demo --
+The following checks were performed on each of these signatures:
+  - The cosign claims were validated
+  - The signatures were verified against the specified public key
+  - Any certificates were verified against the Fulcio roots.
+{"critical":{"identity":{"docker-reference":"us.gcr.io/dlorenc-vmtest2/demo"},"image":{"docker-manifest-digest":"sha256:124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155"},"type":"cosign container image signature"},"optional":null}
+```