Table of Contents

Namespace Sigstore.Tuf

Classes

TrustedRootLoader

Loads TrustedRoot messages from the Sigstore protobuf JSON encoding.

TufCanonicalJson

Produces a deterministic UTF-8 encoding of TUF signed metadata objects suitable for signature verification. This follows the same structural rules as the secure-systems-lab reference (go-securesystemslib canonical JSON): objects have lexicographically sorted keys, no insignificant whitespace, and stable array ordering.

TufClient

Minimal TUF client for the Sigstore Public Good Instance that bootstraps from a versioned root published on tuf-repo-cdn.sigstore.dev, then refreshes timestamp/snapshot/targets metadata and downloads trusted_root.json.

Interfaces

ITufClient

Fetches the Sigstore Public Good trusted root via TUF.