cosign verify-blob

Verify a signature on the supplied blob

Options

NameDescription
--output-file <output-file>Log output to a file
--timeout, -t <timeout>Timeout for commands
--verbose, -dLog debug output
--allow-insecure-registryWhether to allow insecure connections to registries. Don't use this for anything but testing
--attachment-tag-prefix <attachment-tag-prefix>Optional custom prefix to use for attached image tags. Attachment images are tagged as: `[AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]`
--bundle <bundle>Path to bundle FILE
--cert <cert>Path to the public certificate
--cert-email <cert-email>The email expected in a valid Fulcio certificate
--cert-oidc-issuer <cert-oidc-issuer>The OIDC issuer expected in a valid Fulcio certificate, e.g. https://token.actions.githubusercontent.com or https://oauth2.sigstore.dev/auth
--k8s-keychainWhether to use the kubernetes keychain instead of the default keychain (supports workload identity)
--key <key>Path to the public key file, KMS URI or Kubernetes Secret
--rekor-url <rekor-url>[EXPERIMENTAL] address of rekor STL server
--signature <signature>Signature content or path or remote URL
--skWhether to use a hardware security key
--slot <slot>Security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)
--help, -hHelp for verify-blob