1skopeo-standalone-verify(1)() skopeo-standalone-verify(1)()
2
6 skopeo-standalone-verify - Verify an image signature.
7
10 skopeo standalone-verify manifest docker-reference key-fingerprint sig‐
11 nature
12
15 Verify a signature using local files; the digest will be printed on
16 success. This is primarily a debugging tool, useful for special cases,
17 and usually should not be a part of your normal operational workflow.
18 Additionally, consider configuring a signature verification policy
19 file, as per containers-policy.json(5).
20 manifest Path to a file containing the image manifest
23 docker-reference A docker reference expected to identify the image in
26 the signature
27 key-fingerprint Expected identity of the signing key
30 signature Path to signature file
33 Note: If you do use this, make sure that the image can not be changed
36 at the source location between the times of its verification and use.
37
40 --help, -h
41 Print usage statement
44
47 $ skopeo standalone-verify busybox-manifest.json registry.example.com/example/busybox 1D8230F6CDB6A06716E414C1DB72F2188BB46CC8 busybox.signature
48 Signature verified, digest sha256:20bf21ed457b390829cdbeec8795a7bea1626991fda603e0d01b4e7f60427e55
49
53 This command is intended for use with local signatures e.g. OpenPGP (
54 other signature formats may be added in the future ), as per contain‐
55 ers-signature(5). Furthermore, this command does not interact with the
56 artifacts generated by Docker Content Trust (DCT). For more informa‐
57 tion, please see containers-signature(5) ⟨https://github.com/contain‐
58 ers/image/blob/main/docs/containers-signature.5.md⟩.
59
62 skopeo(1), containers-signature(5), containers-policy.json(5)
63
66 Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav
67 Trmac mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@red‐
68 hat.com ⟨mailto:jhonce@redhat.com⟩
69 skopeo-standalone-verify(1)()