Skip to content

Commit

Permalink
fix: add signature algorithms
Browse files Browse the repository at this point in the history 
Signed-off-by: Vishal Choudhary <[email protected]>
  • Loading branch information
@vishal-chdhry
vishal-chdhry committed Sep 26, 2024
1 parent 8e28c56 commit ce4fb41
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion content/en/docs/writing-policies/verify-images/sigstore/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -749,7 +749,7 @@ verifyImages:

## Using a different signature algorithm

By default, cosign uses `sha256` has func when computing digests. To use a different signature algorithm, specify the signature algorithm for each attestor:
By default, cosign uses `sha256` has func when computing digests. To use a different signature algorithm, specify the signature algorithm for each attestor as follows:

```yaml
...
Expand All @@ -767,6 +767,8 @@ verifyImages:
-----END PUBLIC KEY-----
...
```
Allowed values for signature algorithm are `sha224`, `sha256`, `sha384`, `sha512`.

## Ignoring Tlogs and SCT Verification

Cosign uses Rekor, a transparency log service to store signatures. In Cosign 2.0 verifies Rekor entries for both key-based and identity-based signing. To disable this set `ignoreTlog: true` in Kyverno policies:
Expand Down

0 comments on commit ce4fb41

Please sign in to comment.