% skopeo-standalone-verify(1)
skopeo-standalone-verify - Verify an image signature.
skopeo standalone-verify manifest docker-reference key-fingerprint signature
Verify a signature using local files, digest will be printed on success.
manifest Path to a file containing the image manifest
docker-reference A docker reference expected to identify the image in the signature
key-fingerprint Expected identity of the signing key
signature Path to signature file
Note: If you do use this, make sure that the image can not be changed at the source location between the times of its verification and use.
$ skopeo standalone-verify busybox-manifest.json registry.example.com/example/busybox 1D8230F6CDB6A06716E414C1DB72F2188BB46CC8 busybox.signature
Signature verified, digest sha256:20bf21ed457b390829cdbeec8795a7bea1626991fda603e0d01b4e7f60427e55
skopeo(1), containers-signature(5)
Antonio Murdaca runcom@redhat.com, Miloslav Trmac mitr@redhat.com, Jhon Honce jhonce@redhat.com