sigstore/cosign
Verification commands
Four commands consume the artifacts produced by the signing commands and answer the question "did the right person/system sign this?":
| Command | Verifies | Notable input |
|---|---|---|
cosign verify |
Cosign signature attached to an OCI image | image digest, expected identity |
cosign verify-attestation |
DSSE-wrapped in-toto attestation attached to an OCI image | image digest, predicate type, optional CUE/Rego policy |
cosign verify-blob |
A signature alongside a local blob | blob path, signature, cert/bundle |
cosign verify-blob-attestation |
A DSSE attestation alongside a local blob | blob path, attestation envelope |
All four share cmd/cosign/cli/verify/common.go (~475 lines) which holds the cross-command helpers: identity checking, TUF/trusted-root resolution, Rekor entry checking, etc.
cosign verify
cosign verify [--key path|pub-uri | --certificate cert.pem]
--certificate-identity[-regexp] <ident>
--certificate-oidc-issuer[-regexp] <issuer>
[--ca-roots roots.pem] [--ca-intermediates inters.pem]
[--annotations key=value]...
[--offline] [--local-image dir] [--new-bundle-format=true|false]
<image-digest>...Implementation: cmd/cosign/cli/verify.go (Cobra) + cmd/cosign/cli/verify/verify.go (~290 lines orchestrator) → pkg/cosign/verify.go (legacy path) or cmd/cosign/cli/verify/verify_bundle.go → sigstore-go (new bundle path).
Flow:
sequenceDiagram
participant U as User
participant V as cosign verify
participant R as Registry
participant S as Verifier (sigstore-go / pkg/cosign)
participant T as TUF
U->>V: cosign verify $IMAGE --certificate-identity ...
V->>R: pull manifest, find sha256-<digest>.sig (or attached bundle)
V->>T: resolve trusted_root.json (CA, Rekor key, CT key, TSA chain)
V->>S: verify signature against payload + cert
S->>S: chain validation (cert vs Fulcio CA)
S->>S: SCT verification (CT log key)
S->>S: Rekor inclusion proof + SET
S->>S: optional TSA timestamp
S->>V: ok or error
V->>V: enforce --certificate-identity / --certificate-oidc-issuer match
V->>U: claims printed to stdoutIf verification succeeds, cosign prints the simple-signing payload as JSON on stdout (and a human summary to stderr). If you ask for --output text, only the human summary is emitted.
--offline skips the live Rekor lookup and trusts the inclusion proof embedded in the bundle (or in the legacy BundleAnnotationKey annotation). Required for air-gapped verification.
--local-image <dir> verifies a saved image written by cosign save instead of fetching from a registry. pkg/cosign/verifiers.go has the local layout reader.
cosign verify-attestation
cosign verify-attestation [--key|--certificate-identity ...]
--type slsaprovenance|vuln|... [--policy policy.cue|policy.rego]
<image-digest>Implementation: cmd/cosign/cli/verify_attestation.go + cmd/cosign/cli/verify/verify_attestation.go.
Steps beyond plain verify:
- After the cryptographic check, parse the DSSE payload as an in-toto Statement.
- Filter to attestations of the requested
--type. - If
--policyis supplied, hand the predicate topkg/cosign/cue/orpkg/cosign/rego/and require the policy to evaluate to true. - Print the matching Statement on stdout.
cosign verify-blob
cosign verify-blob [--key|--certificate cert.pem|--bundle bundle.sigstore.json]
--signature sig.txt
--certificate-identity[-regexp] <ident>
--certificate-oidc-issuer[-regexp] <issuer>
[--offline] <file>Implementation: cmd/cosign/cli/verify_blob.go + cmd/cosign/cli/verify/verify_blob.go (12 KB) and a giant 57 KB) covering legacy/new-bundle, online/offline, and various certificate combinations.verify_blob_test.go (
The function accepts every shape signatures take in the wild:
- raw base64 in
--signatureplus a--certificatePEM, - a Rekor bundle JSON,
- a Sigstore protobuf bundle.
It picks the appropriate verifier based on what's present, then enforces the identity assertions.
cosign verify-blob-attestation
cosign verify-blob-attestation --bundle bundle.sigstore.json
--certificate-identity ... --certificate-oidc-issuer ...
[--type ...] [--policy ...] <file>Implementation: cmd/cosign/cli/verify_blob_attestation.go + cmd/cosign/cli/verify/verify_blob_attestation.go (~12 KB) — the equivalent of verify-attestation for non-OCI inputs. Shares the policy plumbing with the OCI flavour.
Identity matching
Across all four, identity is asserted via:
--certificate-identityand--certificate-oidc-issuer(exact match against the cert SAN), or--certificate-identity-regexpand--certificate-oidc-issuer-regexp(regex match).
These are required for any keyless verification. The check happens after cryptographic validation, so a wrong identity always fails after the chain has already been validated.
cmd/cosign/cli/verify/common.go houses the Identities extraction and matching logic.
TLog and TSA verification
- By default, the verifier requires a Rekor entry. Set
--insecure-ignore-tlogto bypass (cosign prints aSkipping tlog verification is an insecure practice…warning, seeignoreTLogMessageincmd/cosign/cli/verify.go). --use-signed-timestampschecks an embedded RFC3161 TSA timestamp in addition to the Rekor SET.--certificate-chain/--ca-roots/--ca-intermediatesswap in custom roots for BYO PKI.
Key source files
| File | Purpose |
|---|---|
cmd/cosign/cli/verify.go |
Cobra command for verify |
cmd/cosign/cli/verify/verify.go |
Orchestrator (legacy + bundle paths) |
cmd/cosign/cli/verify/verify_bundle.go |
New protobuf-bundle verification path |
cmd/cosign/cli/verify/common.go |
Identity matching, trusted-root resolution |
pkg/cosign/verify.go |
Legacy verification primitives (~2,000 lines) |
pkg/cosign/verify_sct.go |
SCT verification |
pkg/cosign/tlog.go |
Rekor inclusion proof + SET checks |
cmd/cosign/cli/verify/verify_attestation.go |
Attestation flow |
cmd/cosign/cli/verify/verify_blob.go |
Blob signature verification |
cmd/cosign/cli/verify/verify_blob_attestation.go |
Blob attestation verification |
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.