# in-toto-sign
> Sign in-toto link or layout metadata or verify their signatures.
> More information: <https://in-toto.readthedocs.io/en/latest/command-line-tools/in-toto-sign.html>.
- Sign 'unsigned.layout' with two keys and write it to 'root.layout':
`in-toto-sign {{[-f|--file]}} {{unsigned.layout}} {{[-k|--key]}} {{priv_key1}} {{priv_key2}} {{[-o|--output]}} {{root.layout}}`
- Replace signature in link file and write to default filename:
`in-toto-sign {{[-f|--file]}} {{package.2f89b927.link}} {{[-k|--key]}} {{priv_key}}`
- Verify a layout signed with 3 keys:
`in-toto-sign {{[-f|--file]}} {{root.layout}} {{[-k|--key]}} {{pub_key0}} {{pub_key1}} {{pub_key2}} --verify`
- Sign a layout with the default GPG key in default GPG keyring:
`in-toto-sign {{[-f|--file]}} {{root.layout}} {{[-g|--gpg]}}`
- Verify a layout with a GPG key identified by keyid '...439F3C2':
`in-toto-sign {{[-f|--file]}} {{root.layout}} --verify {{[-g|--gpg]}} {{...439F3C2}}`