feat: verify-blob --cert base64 #1088

Merged
merged 1 commit into from
Nov 21, 2021
@caarlos0 caarlos0 commented Nov 21, 2021

Summary

#1016 added a new --output-certificate flag. It writes the certificate as base64 by default (given --b64 is true by default), but then if you try to use that same file to verify the blob later, it fails, as verify does not decode the string.

This makes --certificate work with both a base64'ed file and a regular one.

Not sure if this makes sense and if it's the best impl, just throwing the idea around...

before

$ COSIGN_EXPERIMENTAL=1 go run ./cmd/cosign/ verify-blob --key key.pem --signature README.md.sig README.md
Error: verifying blob [README.md]: loading public key: pem to public key: PEM decoding failed
main.go:46: error during command execution: verifying blob [README.md]: loading public key: pem to public key: PEM decoding failed
exit status 1

now

$ ❯ COSIGN_EXPERIMENTAL=1 go run ./cmd/cosign/ verify-blob --cert key.pem --signature README.md.sig README.md
Certificate is trusted by Fulcio Root CA
Email: [carlos@becker.software]
Issuer:  https://github.com/login/oauth
Verified OK
tlog entry verified with uuid: "cca034dcf30323b30d8d131e06458c02187dab25ee1fa481914595777d027177" index: 877676

Ticket Link

n/a

Release Note

Allows base64 files as --cert in verify-blob

Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
@dlorenc dlorenc merged commit aff2e37 into sigstore:main Nov 21, 2021
@github-actions github-actions bot added this to the v1.4.0 milestone Nov 21, 2021
@caarlos0 caarlos0 deleted the verify-b64-cert branch November 21, 2021 23:28
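
The behaviour described in this pull request, accepting a certificate file that holds either PEM or base64-wrapped PEM, sketched as an added example (not cosign's own code). `loadCert` and `sampleCertPEM` are hypothetical names, and the sample certificate is constructed at run time as throwaway test data.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// loadCert (hypothetical helper) parses a certificate given as PEM or as base64-wrapped PEM.
func loadCert(raw []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(raw)
	if block == nil {
		// Not PEM as written: treat the content as base64 wrapping a PEM document.
		decoded, err := base64.StdEncoding.DecodeString(string(bytes.TrimSpace(raw)))
		if err != nil {
			return nil, fmt.Errorf("neither PEM nor base64: %w", err)
		}
		if block, _ = pem.Decode(decoded); block == nil {
			return nil, fmt.Errorf("base64 payload is not PEM")
		}
	}
	if block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("unexpected PEM type %q", block.Type)
	}
	return x509.ParseCertificate(block.Bytes)
}

// sampleCertPEM builds a throwaway self-signed certificate (constructed test data).
func sampleCertPEM() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1088), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	p := sampleCertPEM()
	for _, in := range [][]byte{p, []byte(base64.StdEncoding.EncodeToString(p))} {
		c, err := loadCert(in)
		fmt.Println(c != nil, err)
	}
}
```

The PEM type check keeps a key or other PEM object passed by mistake from reaching the certificate parser, and input that is neither form fails with an explicit error instead of a bare PEM decoding failure.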