You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I try to do an offline verification on my signed container with cosign. I followed the description in the Readme.md first to save the image with cosign save ....
Afterwards I try to verify my image like this:
Error: no matching signatures: error verifying bundle: verifying bundle: rekor log public key not found for payload
main.go:74: error during command execution: no matching signatures: error verifying bundle: verifying bundle: rekor log public key not found for payload
I am using cosign version 2.4.0
Can you please describe met what I am doing wrong as documentation is not really helping me?
Thx for your help
Peter
The text was updated successfully, but these errors were encountered:
because you're in --offline mode, you'll need to have downloaded the Rekor public key you trust and set the path to that .pem file in the environment variable SIGSTORE_REKOR_PUBLIC_KEY
Question
Hi
I try to do an offline verification on my signed container with cosign. I followed the description in the Readme.md first to save the image with cosign save ....
Afterwards I try to verify my image like this:
cosign verify --certificate-identity [email protected] --certificate-oidc-issuer-regexp * --offline=true --local-image ./path
And always get following error:
Error: no matching signatures: error verifying bundle: verifying bundle: rekor log public key not found for payload
main.go:74: error during command execution: no matching signatures: error verifying bundle: verifying bundle: rekor log public key not found for payload
I am using cosign version 2.4.0
Can you please describe met what I am doing wrong as documentation is not really helping me?
Thx for your help
Peter
The text was updated successfully, but these errors were encountered: