-
Notifications
You must be signed in to change notification settings - Fork 556
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using sign-blob with a transparency log should output cert to disk #936
Comments
Any updates here? What we expect here something like: $ cosign sign-blob --help
...
--output-sig string write the signature to FILE
--output-cert string write the certificate to FILE ...right? Our current workaround is to ask Rekor to get the cert:
Cross ref: goreleaser/goreleaser#2657 and goreleaser/goreleaser#2659 (comment) |
I think this was fixed recently in #991! |
Thank you, @dlorenc. Yes, we're aware of that issue while opening this one. Still, IMHO these two are different because we are extracting the certificate for later use in the verify-blob command that accepts this certificate through the |
Whoops I misunderstood. Yeah I think #1016 is the same! |
Closed with #1016! |
Description
I’m trying to use cosign’s experimental transparency log feature to sign a blob (a go binary built and uploaded to a GH release).
verify-blob requires the blob, signature, and public key.
The blob and signature are easy to provide. (The signature can be extracted when signing via the --signature flag). However getting the public key is a bit trickier...
The sign-blob does output the ephemeral signing cert to stdout. However the only way to extract it is via scripting it out of stdout.
i.e.
It would be great if there was a flag to do this instead!
The text was updated successfully, but these errors were encountered: