8000 TLOG Support · Issue #34 · sigstore/cosign · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

TLOG Support #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dlorenc opened this issue Feb 28, 2021 · 0 comments · Fixed by #44
Closed

TLOG Support #34

dlorenc opened this issue Feb 28, 2021 · 0 comments · Fixed by #44

Comments

@dlorenc
Copy link
Member
dlorenc commented Feb 28, 2021

Let's add an experimental TLOG mode to the tool. This will look like:

TLOG=1 cosign sign ...

and

TLOG=1 cosign verify ...

The tlog server will default to api.rekor.dev, and can be overridden with the REKOR_SERVER env variable.

TLOG=1 cosign sign will publish the signature, public key and payload to the Rekor tlog.
TLOG=1 cosign verify will verify the signature, public key and payload are in the tlog, as well as verifying the signature itself.

Both commands will record the state of the tlog in the .rekor/state.json configuration file and audit the log on each invocation..
@priyawadhwa priyawadhwa mentioned this issue Mar 3, 2021
Merged
tommyd450 referenced this issue in tommyd450/cosign Nov 7, 2023
@JasonPowr
Merge pull request #34 from securesign/rhtap/references/redhat-v2.1.1
5542668 
chore(deps): update rhtap references
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add experimental TLOG model to cosign priyawadhwa/cosign
1 participant
@dlorenc
0