Working with Blobs

Cosign supports signing and verifying standard files and blobs (or binary large objects), in addition to containers.

You can upload blobs to an OCI registry (similar to ORAS) where they can then be signed/verified like any other image, or you can sign blobs locally as standard files.

Blobs in OCI Registries

You can publish an artifact with cosign upload blob:

$ echo "my first artifact" > artifact
$ cosign upload blob -f artifact
Uploading file from [artifact] to [] with media type [text/plain; charset=utf-8]
File is available directly at []

Your users can download it from the "direct" url with standard tools like curl or wget:

$ curl -L > artifact

The digest is baked right into the URL, so they can check that as well:

curl -L | shasum -a 256
97f16c28f6478f3c02d7fff4c7f3c2a30041b72eb6852ca85b919fd85534ed4b  -

You can sign it with the normal cosign sign command and flags:

cosign sign --key cosign.key
Enter password for private key:
Pushing signature to:


We also include the sget command for safer, automatic verification of signatures and integration with our binary transparency log, Rekor.

To install sget, if you have Go 1.16+, you can directly run:

$ go install

and the resulting binary will be placed at $GOPATH/bin/sget (or $GOBIN/sget, if set).

Just like curl, sget can be used to fetch artifacts by digest using the OCI URL. Digest verification is automatic:

$ sget > artifact

You can also use sget to fetch contents by tag. Fetching contents without verifying them is dangerous, so we require the artifact be signed in this case:

$ sget
error: public key must be specified when fetching by tag, you must fetch by digest or supply a public key

$ sget --key > foo

Verification for --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key
  - Any certificates were verified against the Fulcio roots.

The signature, claims and transparency log proofs are all verified automatically by sget as part of the download.

curl | bash isn't a great idea, but sget | bash is less-bad.

Signing blobs as files

The cosign sign-blob and cosign verify-blob commands can be used to sign and verify standard files, in the absence of a registry.

Signatures are output as base64 encoded strings to stdout by default.

$ cosign sign-blob --key cosign.key
Using payload from:
Enter password for private key:

$ cosign verify-blob --key --signature MEQCIAU4wPBpl/U5Vtdx/eJFgR0nICiiNCgyWPWarupH0onwAiAv5ycIKgztxHNVG7bzUjqHuvK2gsc4MWxwDgtDh0JINw==
Verified OK

This supports all the same flags and features as cosign sign, including KMS support, hardware tokens, and keyless signatures.

Certificate management

When using cosign sign-blob in keyless mode, you may need to store the certificate (in addition to the signature) for verification. This output defaults to stderr, but can be redirected to a file by using the --output-certificate and --output-signature flags.

COSIGN_EXPERIMENTAL=1 cosign sign-blob --output-certificate cert.pem --output-signature sig
Using payload from:
Generating ephemeral keys...
Retrieving signed certificate...
Your browser will now be opened to:
Successfully verified SCT...
using ephemeral certificate:

tlog entry created with index: 965333
Signature wrote in the file sig
Certificate wrote in the file cert.pem
Edit this page on GitHub Updated at Tue, Oct 4, 2022