Signatures and Checksums
autocert uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
COSIGN_EXPERIMENTAL=1 cosign verify-blob \
--certificate ~/Downloads/autocert_linux_0.20.4_amd64.tar.gz.pem \
--signature ~/Downloads/autocert_linux0.20.4_amd64.tar.gz.sig \
~/Downloads/autocert_linux0.20.4_amd64.tar.gz
The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.
Changelog
- a0fb1a5 Merge pull request #413 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.29.0
- 4ffb6b0 build(deps): bump github.com/smallstep/certificates
Thanks!
Those were the changes on v0.20.4!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.