-
I am working on on a distributed version control system and I would like to verify the signatures on git commits and tags.
A signed git commit is of the form:
```
commit 822tree 4f34cca433f96a7…
-
### Description
Currently it is not possible to verify the authenticity or cryptographic integrity of the downoads from your website or github.com because the releases are not cryptographically sig…
-
Hi there! Not sure if I've missed something, but is there a plan to support generating/verifying JWT signatures with `@oslojs/jwt`? It appears that you can only parse the JWT, but not validate that th…
-
Not sure how to isolate further from here, but I've been tracking down a memory leak in gun and have isolated it to the following line:
https://github.com/amark/gun/blob/master/sea/verify.js#L28
…
-
Add support for verifying signatures .sig (file + signatures)
At the moment, the functionality is not supported when opening a signature (on android I can not find software for working with a signatu…
-
Hello! I'm trying to use this crate for verifying RSA PKCS1 signatures in X.509 certificates.
What's the best way to parse a DER BitString and get a `rsa::pkcs1v15::Signature` out of it? I see that…
-
Currently, there is no decent API to verify package signatures. There are various APIs that *can* be used, but they all are flawed in one way or another.
I propose an `rpmRC rpmVerifyPackageSignat…
-
When verifying the signed container image with notation I am getting the error
notation verify $IMAGE
Warning: Always verify the artifact using digest(@sha256:...) rather than a tag(:v1) because r…
-
I tried using the auth keys published on Apple's website:
```
$signedTransactionJWT = $response['signedTransactions'][0];
$appleKeysText = file_get_contents('https://appleid.apple.com/auth/key…
-
As a user, I want to pull signatures from remote registry, using tag or digest references
Note: decision by group to push past RC-1, since notation verify does pull automatically, and this really b…