Scroll to navigation

skopeo-standalone-verify(1)() skopeo-standalone-verify(1)()

NAME

skopeo-standalone-verify - Debugging tool - Verify an image signature from local files.

SYNOPSIS

skopeo standalone-verify manifest docker-reference key-fingerprints signature

DESCRIPTION

Verify a signature using local files; the digest will be printed on success. This is primarily a debugging tool, useful for special cases, and usually should not be a part of your normal operational workflow. Additionally, consider configuring a signature verification policy file, as per containers-policy.json(5).

manifest Path to a file containing the image manifest

docker-reference A docker reference expected to identify the image in the signature

key-fingerprints Identities of trusted signing keys (comma separated), or "any" to trust any known key when using a public key file

signature Path to signature file

Note: If you do use this, make sure that the image can not be changed at the source location between the times of its verification and use.

OPTIONS

See also skopeo(1) for options placed before the subcommand name.

--help, -h

Print usage statement

--public-key-file public key file

File containing the public keys to use when verifying signatures. If this is not specified, keys from the GPG homedir are used.

EXAMPLES

$ skopeo standalone-verify busybox-manifest.json registry.example.com/example/busybox 1D8230F6CDB6A06716E414C1DB72F2188BB46CC8  busybox.signature
Signature verified, digest sha256:20bf21ed457b390829cdbeec8795a7bea1626991fda603e0d01b4e7f60427e55

NOTES

This command is intended for use with local signatures e.g. OpenPGP ( other signature formats may be added in the future ), as per containers-signature(5). Furthermore, this command does not interact with the artifacts generated by Docker Content Trust (DCT). For more information, please see containers-signature(5) ⟨https://github.com/containers/image/blob/main/docs/containers-signature.5.md⟩.

SEE ALSO

skopeo(1), containers-signature(5), containers-policy.json(5)

AUTHORS

Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav Trmac mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@redhat.com ⟨mailto:jhonce@redhat.com⟩