Class Verifier

Namespace
Sigstore.Verification
Assembly
Sigstore.dll

Primary public entry point for Sigstore bundle verification.

public sealed class Verifier
Inheritance
Verifier
Constructors

Verifier(VerificationPipeline, ITufClient, ILogger<Verifier>)

Creates a verifier.

public Verifier(VerificationPipeline pipeline, ITufClient tufClient, ILogger<Verifier> logger)

Parameters

pipeline VerificationPipeline

Verification pipeline.

tufClient ITufClient

TUF client used when no explicit trusted root is supplied.

logger ILogger<Verifier>

Logger.

Methods

VerifyAsync(string, ReadOnlyMemory<byte>, VerificationPolicy, string?, CancellationToken)

Verifies a Sigstore bundle, optionally using a caller-provided trusted root JSON (for example from --trusted-root in conformance tests).

public Task<VerificationResult> VerifyAsync(string bundleJson, ReadOnlyMemory<byte> artifact, VerificationPolicy policy, string? trustedRootJson, CancellationToken cancellationToken)

Parameters

bundleJson string

Bundle JSON text.

artifact ReadOnlyMemory<byte>

Artifact bytes.

policy VerificationPolicy

Identity policy.

trustedRootJson string?

Optional trusted root JSON. When null, the Public Good TUF flow is used.

cancellationToken CancellationToken

Cancellation token.

Returns

Task<VerificationResult>

Verification result.

VerifyAsync(string, ReadOnlyMemory<byte>, VerificationPolicy, CancellationToken)

Verifies a Sigstore bundle for an artifact using the Public Good trusted root fetched via TUF.

public Task<VerificationResult> VerifyAsync(string bundleJson, ReadOnlyMemory<byte> artifact, VerificationPolicy policy, CancellationToken cancellationToken)

Parameters

bundleJson string

Bundle JSON text.

artifact ReadOnlyMemory<byte>

Artifact bytes.

policy VerificationPolicy

Identity policy.

cancellationToken CancellationToken

Cancellation token.

Returns

Task<VerificationResult>

Verification result.

VerifyWithKeyAsync(string, ReadOnlyMemory<byte>, string, string?, CancellationToken)

Verifies a Sigstore bundle using a caller-provided public key (managed-key mode). Skips Fulcio certificate chain validation and identity policy enforcement.

public Task<VerificationResult> VerifyWithKeyAsync(string bundleJson, ReadOnlyMemory<byte> artifact, string publicKeyPem, string? trustedRootJson, CancellationToken cancellationToken)

Parameters

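bundleJson string

Bundle JSON text.

artifact ReadOnlyMemory<byte>

Artifact bytes.

publicKeyPem string

Caller-provided public key, PEM-encoded.

trustedRootJson string?

Optional trusted root JSON.

cancellationToken CancellationToken

Cancellation token.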

Returns

Task<VerificationResult>