Title here
Summary here
Sign and Verify
Guides for cryptographically signing and verifying OCM component versions.
Protect the integrity and authenticity of your component versions through cryptographic signing and verification.
These guides walk you through the complete signing workflow — from generating keys to verifying signatures in production.
Guides in This Section
- Generate Signing Keys — Create RSA key pairs for signing and verification
- Configure Signing Credentials — Set up OCM to use your keys
- Sign Component Versions — Attach cryptographic signatures to component versions
- Verify Component Versions — Validate signatures to ensure authenticity and integrity
Generate Signing Keys
Create an RSA key pair for signing and verifying OCM component versions.
Configure Credentials for Signing
Configure OCM signing and verification keys using .ocmconfig or signer specification files.
Sign Component Versions
Cryptographically sign a component version using key-based or keyless signing algorithms.
Verify Component Versions
Validate component version signatures using key-based or keyless verification methods.