Working with blobs

cosign supports standard files and blobs, in addition to containers.

You can upload blobs to an OCI registry (similar to ORAS) where they can then be signed/verified like any other image, or you can sign blobs locally as standard files.

Blobs in OCI Registries

You can publish an artifact with cosign upload blob:

$ echo "my first artifact" > artifact
$ cosign upload blob -f artifact
Uploading file from [artifact] to [] with media type [text/plain; charset=utf-8]
File is available directly at []

Your users can download it from the "direct" url with standard tools like curl or wget:

$ curl -L > artifact

The digest is baked right into the URL, so they can check that as well:

curl -L | shasum -a 256
97f16c28f6478f3c02d7fff4c7f3c2a30041b72eb6852ca85b919fd85534ed4b  -

You can sign it with the normal cosign sign command and flags:

cosign sign --key cosign.key
Enter password for private key:
Pushing signature to:


We also include the sget command for safer, automatic verification of signatures and integration with our binary transparency log, Rekor.

To install sget, if you have Go 1.16+, you can directly run:

$ go install

and the resulting binary will be placed at $GOPATH/bin/sget (or $GOBIN/sget, if set).

Just like curl, sget can be used to fetch artifacts by digest using the OCI URL. Digest verification is automatic:

$ sget > artifact

You can also use sget to fetch contents by tag. A tag is mutable and pins nothing, so fetching by tag without verifying the contents is dangerous; sget therefore requires the artifact to be signed in this case:

$ sget
error: public key must be specified when fetching by tag, you must fetch by digest or supply a public key

$ sget --key > foo

Verification for --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key
  - Any certificates were verified against the Fulcio roots.

The signature, claims and transparency log proofs are all verified automatically by sget as part of the download.

curl | bash isn't a great idea, but sget | bash is less-bad.
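The two decisions sget makes before handing bytes to the caller, written out as an added example in plain shell (this is not cosign or sget code, and it runs over a local file standing in for the download): a reference pinned with `@sha256:...` is checked against the file's digest, exactly the manual `shasum -a 256` check above, and a reference by tag is refused unless a key is supplied, mirroring the error message sget prints. The registry name `registry.example/repo`, the function names, and the `cosign.pub` path are assumptions made for the example; the "abc" artifact and its digest are the FIPS 180-2 SHA-256 test vector.

```sh
#!/bin/sh
# Added example (not from the cosign docs): sget's fetch policy in shell.
#  - a reference pinned by @sha256:... is verified against the file's digest
#  - a reference by :tag is refused unless a verification key is supplied
# The "download" is stood in for by a local file so this runs offline.

sha256_of() {
  # Portable SHA-256 of a file: GNU coreutils or BSD/macOS shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# digest_from_ref REF -> prints the 64-hex digest, or nothing for a tag-only REF.
# Always exits 0 so it is safe inside $(...) under set -e.
digest_from_ref() {
  case "$1" in
    *@sha256:*)
      d=${1##*@sha256:}
      # OCI digests are exactly 64 lowercase hex characters; reject anything else.
      printf '%s' "$d" | grep -Eq '^[0-9a-f]{64}$' && printf '%s\n' "$d"
      ;;
    *) ;;
  esac
  return 0
}

# check_fetch REF FILE [KEY]
# 0 when FILE may be trusted under REF; 2 on digest mismatch; 3 when REF is a
# tag and no key was given. With a tag and a key the caller would go on to run
# "cosign verify --key KEY REF" (signature checking is left to cosign here).
check_fetch() {
  ref=$1; file=$2; key=${3:-}
  want=$(digest_from_ref "$ref")
  if [ -n "$want" ]; then
    got=$(sha256_of "$file")
    if [ "$got" = "$want" ]; then
      return 0
    fi
    echo "error: digest mismatch for $ref: got sha256:$got" >&2
    return 2
  fi
  if [ -z "$key" ]; then
    echo "error: public key must be specified when fetching by tag, you must fetch by digest or supply a public key" >&2
    return 3
  fi
  return 0
}

# Demo with a constructed artifact: the bytes "abc", whose SHA-256 is the
# well-known FIPS 180-2 test vector.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'abc' > "$tmp/artifact"
good="registry.example/repo@sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
check_fetch "$good" "$tmp/artifact" && echo "digest ok"
printf 'abd' > "$tmp/tampered"
check_fetch "$good" "$tmp/tampered" || echo "tampered blob rejected (rc=$?)"
check_fetch "registry.example/repo:latest" "$tmp/artifact" || echo "tag without key refused (rc=$?)"
check_fetch "registry.example/repo:latest" "$tmp/artifact" cosign.pub && echo "tag with key: hand off to cosign verify"
```

The point of the tag branch is that a digest-pinned reference is self-verifying, while a tag can be repointed by anyone who can push to the repository, so the only thing that can vouch for tag-fetched bytes is a signature over them.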

Signing blobs as files

The cosign sign-blob and cosign verify-blob commands can be used to sign and verify standard files, in the absence of a registry.

Signatures are output as base64-encoded strings to stdout by default.

$ cosign sign-blob --key cosign.key
Using payload from:
Enter password for private key:

$ cosign verify-blob --key --signature MEQCIAU4wPBpl/U5Vtdx/eJFgR0nICiiNCgyWPWarupH0onwAiAv5ycIKgztxHNVG7bzUjqHuvK2gsc4MWxwDgtDh0JINw==
Verified OK

This supports all the same flags and features as cosign sign, including KMS support, hardware tokens, and keyless signatures.
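To make the signature string above less opaque, here is an added example (not cosign's code) that reproduces a key-based blob signature with openssl and checks it the way verify-blob does, including the failure case for a modified blob. It rests on one assumption stated here rather than taken from the page: that cosign sign-blob --key signs SHA-256 of the blob with ECDSA P-256 and emits the DER-encoded signature as base64, which is why the page's signature starts with "MEQCI" (the base64 of a DER SEQUENCE). The key pair is generated fresh in a temporary directory, since cosign's own encrypted cosign.key format is not readable by openssl; the function names and file paths are the example's own.

```sh
#!/bin/sh
# Added example (not from the cosign docs): a key-based blob signature done
# with openssl. Assumption: cosign sign-blob --key = ECDSA P-256 over
# SHA-256(blob), DER encoded, then base64; verify_blob mirrors verify-blob.

gen_keypair() {  # gen_keypair DIR -> DIR/key.pem (private) and DIR/pub.pem
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" 2>/dev/null
  openssl ec -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

sign_blob() {  # sign_blob KEY.pem FILE -> base64 DER signature on stdout
  s=$(openssl dgst -sha256 -sign "$1" "$2" | openssl base64 -A)
  printf '%s\n' "$s"
}

verify_blob() {  # verify_blob PUB.pem FILE SIG_B64 -> 0 if valid, 1 otherwise
  sig=$(mktemp)
  printf '%s' "$3" | openssl base64 -d -A > "$sig"
  if openssl dgst -sha256 -verify "$1" -signature "$sig" "$2" >/dev/null 2>&1; then
    rm -f "$sig"; echo "Verified OK"; return 0
  fi
  rm -f "$sig"; echo "error: invalid signature" >&2; return 1
}

demo() {
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  gen_keypair "$d"
  # Constructed blob with the same content the page uploads.
  printf 'my first artifact\n' > "$d/artifact"
  s=$(sign_blob "$d/key.pem" "$d/artifact")
  echo "signature: $s"
  verify_blob "$d/pub.pem" "$d/artifact" "$s"
  # A one-byte change to the blob must fail verification.
  printf 'my first artifact!\n' > "$d/modified"
  verify_blob "$d/pub.pem" "$d/modified" "$s" || echo "modified blob rejected"
}

command -v openssl >/dev/null 2>&1 && demo || echo "openssl not found; nothing signed"
```

Because the signature covers the hash of the exact bytes, the verifier must be given the blob as it was signed, not a re-encoded or newline-normalised copy; the same applies to cosign verify-blob.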

Certificate management

When using cosign sign-blob in keyless mode, you also need to keep the short-lived certificate (in addition to the signature) for verification, since there is no long-lived public key to verify against. By default the signature goes to stdout and the certificate to stderr; both can be written to files with the --output-signature and --output-certificate flags, and verification then takes them with cosign verify-blob --cert and --signature.

COSIGN_EXPERIMENTAL=1 cosign sign-blob --output-certificate cert.pem --output-signature sig
Using payload from:
Generating ephemeral keys...
Retrieving signed certificate...
Your browser will now be opened to:
Successfully verified SCT...
using ephemeral certificate:

tlog entry created with index: 965333
Signature wrote in the file sig
Certificate wrote in the file cert.pem
Updated at Fri, Jun 24, 2022