Skip to content

Commit

Permalink
workflow update
Browse files Browse the repository at this point in the history
Signed-off-by: rgnote <[email protected]>
  • Loading branch information
rgnote committed Feb 20, 2024
1 parent cf6b58f commit d481ee4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion specs/signing-and-verification-workflow.md
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ The user wants to consume an arbitrary blob only if it was signed by a trusted p
### Verification Steps

1. **Should implementations of this specification verify the signature? :** Depending upon [trust-policy](./trust-store-trust-policy.md#blob-trust-policy) configuration, determine whether implementations of this specification need to verify the signature or not.
If signature verification should be skipped for the given blob, skip the below steps and directly jump to step 4.
If signature verification should be skipped for the given blob, skip the below steps.
1. **Verify the detached signature:**
1. Parse and validate the signature envelope using the detached signature's file extension as the envelope type.
1. Verify the signature envelope using trust-store and trust-policy as mentioned in [signature evaluation](./trust-store-trust-policy.md#signature-evaluation) section.
Expand Down

0 comments on commit d481ee4

Please sign in to comment.