sigstore / sigstore-rs

Licence: other
An experimental Rust crate for sigstore

Continuous integration Docs License: Apache 2.0

This is an experimental crate to interact with sigstore.

This crate is under heavy development; many features and checks are still missing.

Features

Verification

The crate implements the following verification mechanisms:

  • Verify using a given key
  • Verify a bundle produced by the transparency log (Rekor)
  • Verify a signature produced in keyless mode, using Fulcio Web-PKI

Signature annotations and certificate email can be provided at verification time.

Known limitations

  • Users must provide the public key of the transparency log (Rekor) and the certificate of the PKI (Fulcio). The removal of this limitation is tracked by this issue.
  • The crate does not handle verification of attestations yet.

Examples

The examples directory contains demo programs using the library.

Security

Should you discover any security issues, please refer to sigstore's security process.
