sigstore/k8s-manifest-sigstore

bug: no certificate found on signature error for using public key to verify signature

Closed this issue · 0 comments

Description

I notice that when I try to verify the signature by using a public key, the verify sub-command still tries to verify the signature with a transparency log.

Steps to reproduce:

$ cosign generate-key-pair
$ kubectl run alpine --image=alpine \
    --restart='Never' \
    --dry-run=client -oyaml -- sh -c "sleep 600" > alpine.yaml
$ kubectl sigstore sign -f alpine.yaml \
      -k cosign.key \
      -i gcr.io/$(gcloud config get-value project)/hello-k8s-manifest-sigstore:v1 # succeeds, and the alpine.yaml.signed file is generated
$ kubectl sigstore verify -f alpine.yaml.signed -k cosign.pub
error occured during signature verification: error occured while verifying image `gcr.io/developerguy-311909/hello-k8s-manifest-sigstore:v1`; no matching signatures:
no certificate found on signature

cosign version: 0.8.3