diff --git a/Cargo.toml b/Cargo.toml
index 50455fd..9efc7e6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,7 +14,7 @@ fn-error-context = "0.2.0"
 futures-util = "0.3.13"
 # NOTE when bumping this in a semver-incompatible way, because we re-export it you
 # must also bump the semver of this project.
-oci-spec = "0.6.5"
+oci-spec = "0.7.0"
 rustix = { version = "0.38", features = ["process", "net"] }
 serde = { features = ["derive"], version = "1.0.125" }
 serde_json = "1.0.64"
diff --git a/examples/client.rs b/examples/client.rs
index de484e4..e0ed840 100644
--- a/examples/client.rs
+++ b/examples/client.rs
@@ -2,7 +2,7 @@ use std::io::Write;
 
 use anyhow::Result;
 use clap::Parser;
-use oci_spec::image::ImageManifest;
+use oci_spec::image::{Digest, ImageManifest};
 use tokio::io::AsyncReadExt;
 
 #[derive(clap::Parser, Debug)]
@@ -17,7 +17,7 @@ struct GetBlobOpts {
     reference: String,
 
     /// The digest of the target blob to fetch
-    digest: String,
+    digest: Digest,
 
     /// The size of the blob to fetch
     size: u64,
diff --git a/src/imageproxy.rs b/src/imageproxy.rs
index 48e363c..92ee908 100644
--- a/src/imageproxy.rs
+++ b/src/imageproxy.rs
@@ -8,6 +8,7 @@ use anyhow::{anyhow, Context, Result};
 use cap_std_ext::prelude::CapStdExtCommandExt;
 use cap_std_ext::{cap_std, cap_tempfile};
 use futures_util::Future;
+use oci_spec::image::{Descriptor, Digest};
 use serde::{Deserialize, Serialize};
 use std::fs::File;
 use std::ops::Range;
@@ -234,10 +235,10 @@ impl TryFrom<ImageProxyConfig> for Command {
 pub struct ConvertedLayerInfo {
     /// Uncompressed digest of a layer; for more information, see
     /// https://github.com/opencontainers/image-spec/blob/main/config.md#layer-diffid
-    pub digest: String,
+    pub digest: Digest,
 
     /// Size of blob
-    pub size: i64,
+    pub size: u64,
 
     /// Mediatype of blob
     pub media_type: oci_spec::image::MediaType,
@@ -474,7 +475,7 @@ impl ImageProxy {
     pub async fn get_blob(
         &self,
         img: &OpenedImage,
-        digest: &str,
+        digest: &Digest,
         size: u64,
     ) -> Result<(
         impl AsyncBufRead + Send + Unpin,
@@ -493,6 +494,20 @@ impl ImageProxy {
         Ok((fd, finish))
     }
 
+    /// Fetch a descriptor. The requested size and digest are verified (by the proxy process).
+    #[instrument]
+    pub async fn get_descriptor(
+        &self,
+        img: &OpenedImage,
+        descriptor: &Descriptor,
+    ) -> Result<(
+        impl AsyncBufRead + Send + Unpin,
+        impl Future<Output = Result<()>> + Unpin + '_,
+    )> {
+        self.get_blob(img, descriptor.digest(), descriptor.size())
+            .await
+    }
+
     ///Returns data that can be used to find the "diffid" corresponding to a particular layer.
     #[instrument]
     pub async fn get_layer_info(