OptSignEntitySelector specifies f be used to select (and decrypt, if necessary) the entity to use to generate signature(s).

OptSignGroup specifies that a signature be applied to cover all objects in the group with the specified groupID.

OptSignObjects specifies that one or more signature(s) be applied to cover objects with the specified ids.

OptSignWithSigner specifies ss be used to generate signature(s).

OptVerifyAll adds one verification task per non-signature object in the image when verification of legacy signatures is enabled.

OptVerifyCallback registers f as the verification callback.

OptVerifyGroup adds a verification task for the group with the specified groupID.

OptVerifyLegacy enables verification of legacy signatures.

OptVerifyObject adds a verification task for the object with the specified id.

OptVerifyWithCertificate appends c as a source of key material to verify signatures.

OptVerifyWithIntermediates specifies p as the pool of certificates that can be used to form a chain from the leaf certificate to a root certificate.

OptVerifyWithOCSP subjects the x509 certificate chains to online revocation checks, before the leaf certificate is deemed as trusted for validating the signature.

OptVerifyWithPGP adds the local public keyring as a source of key material to verify signatures.

OptVerifyWithRoots specifies p as the pool of root certificates to use, instead of the system roots or the platform verifier.

OptVerifyWithVerifier appends sv as a source of key material to verify signatures.

Sign adds one or more digital signatures to the SIF image found at path, according to opts.

Verify verifies digital signature(s) in the SIF image found at path, according to opts.

VerifyFingerprints verifies an image and checks it was signed by *all* of the provided fingerprints.

PKIXOCSPNoCheck refers to the Revocation Checking of an Authorized Responder.

SignOpt are used to configure s.

VerifyOpt are used to configure v.