Package keyselect is used to select the correct public key for signature verification.

IsBase64 checks if the given byte slice is base64 encoded.

NewCosignVerifier unmarshalls and validates the given pem encoded public key and returns a new CosignVerifier.

NewRekor creates a new instance of Rekor to interact with the transparency log at: https://rekor.sigstore.dev.

NewSigner returns a new Signer.

SignContent signs the content with the cosign encrypted private key and corresponding cosign password.

VerifyWithRekor checks if the hash of a signature is present in Rekor.

CosignVerifier wraps a public key that can be used for verifying signatures.

Rekor allows to interact with the transparency log at: https://rekor.sigstore.dev For more information see Rekor's Swagger definition: https://www.sigstore.dev/swagger/#/.

Signer is used to sign the version file.

Verifier checks if the signature of content can be verified.