in-toto-sign

Sign in-toto link or layout metadata or verify their signatures.

• Sign 'unsigned.layout' with two keys and write it to 'root.layout':

in-toto-sign -f {unsigned.layout} -k {priv_key1} {priv_key2} -o {root.layout}

• Replace signature in link file and write to default filename:

in-toto-sign -f {package.2f89b927.link} -k {priv_key}

• Verify a layout signed with 3 keys:

in-toto-sign -f {root.layout} -k {pub_key0} {pub_key1} {pub_key2} --verify

• Sign a layout with the default GPG key in default GPG keyring:

in-toto-sign -f {root.layout} --gpg

• Verify a layout with a GPG key identified by keyid '...439F3C2':

in-toto-sign -f {root.layout} --verify --gpg {...439F3C2}

Copyright © 2014—present the tldr-pages team and contributors.

This work is licensed under the Creative Commons Attribution 4.0 International License (CC-BY).