红帽全球峰会Chapter 4. Verifying Red Hat signatures
You can use Red Hat Trusted Artifact Signer (RHTAS) to verify the authenticity of Red Hat’s products, and artificial intelligence (AI) generated Granite models.
Prerequisites
- Installation of RHTAS running on Red Hat Enterprise Linux or Red Hat OpenShift Container Platform.
- Access to the Red Hat’s Customer Portal for downloading product signing keys.
-
A workstation with the
cosignbinary installed, version 2.2 or later.
Procedure
- Download Red Hat’s product signing keys from the Customer Portal for the products you want to verify. This downloads a text file containing Red Hat’s public key signature.
Open a terminal on your workstation. Download the Rekor public key, and create a new
rekor.pemfile:curl https://REKOR_HOSTNAME/api/v1/log/publicKey > rekor.pem
$ curl https://REKOR_HOSTNAME/api/v1/log/publicKey > rekor.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create a new cosign public key from the Red Hat product signing key:
cat 63405576.txt > cosign.pub
$ cat 63405576.txt > cosign.pubCopy to Clipboard Copied! Toggle word wrap Toggle overflow Configure your shell environment for cosign to use the new Rekor public key:
export SIGSTORE_REKOR_PUBLIC_KEY=rekor.pem
$ export SIGSTORE_REKOR_PUBLIC_KEY=rekor.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify a Red Hat signed image by using the cosign public key:
cosign verify --key cosign.pub IMAGE_NAME:TAG
cosign verify --key cosign.pub IMAGE_NAME:TAGCopy to Clipboard Copied! Toggle word wrap Toggle overflow cosign verify --key cosign.pub registry.redhat.io/rhelai1/granite-3.1-8b-starter-v1:latest
$ cosign verify --key cosign.pub registry.redhat.io/rhelai1/granite-3.1-8b-starter-v1:latestCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}