From 68f5e96fd43944cf37866e208ac33de495a845d8 Mon Sep 17 00:00:00 2001 From: Robin Bryce Date: Tue, 10 Dec 2024 19:46:38 +0000 Subject: [PATCH 01/14] feat: updates for cbor all the things * remove use of /tmp in favour of current working directory. tmp breaks the examples for macos * note that indexing and retrieval for the meta map is a future release thing. * describe how to capture the leaf hash from registration so verification can be accomplished directly * purposefuly don't get into the details of computing the leaf hash --- .../developer-patterns/scitt-api/index.md | 65 +++++++++++-------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index b963c4eaa..f82a8fe6b 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -74,22 +74,19 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s ISSUER="sample.synsation.io" # signing key to sign the SCITT Statements - SIGNING_KEY="/tmp/my-signing-key.pem" + SIGNING_KEY="my-signing-key.pem" # File representing the signed statement to be registered - SIGNED_STATEMENT_FILE="/tmp/signed-statement.cbor" + SIGNED_STATEMENT_FILE="signed-statement.cbor" # File representing the transparent statement, which includes the signed statement and the registration receipt - TRANSPARENT_STATEMENT_FILE="/tmp/transparent-statement.cbor" + TRANSPARENT_STATEMENT_FILE="transparent-statement.cbor" # Property used to correlate a collection of statements about an artifact SUBJECT="my-product-id" - - # Sub Directory for SCITT scripts - SCRIPTS="datatrails_scitt_samples/scripts/" - # For local script execution, help Python find the modules - export PYTHONPATH="${PYTHONPATH}:$SCRIPTS" + # File to store the verifiable event data in + VERIFIABLE_EVENT_FILE="event.json" ``` ## Create a Signing Key 
@@ -109,7 +106,7 @@ For the Quickstart, create a testing key which DataTrails will cryptographically Create any payload you wish to register on DataTrails. ```bash -cat > /tmp/payload.json < payload.json < /tmp/metadata.json < metadata.json < ```bash -python ${SCRIPTS}create_hashed_signed_statement.py \ +python -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ --content-type "application/json" \ --issuer $ISSUER \ - --metadata-file "/tmp/metadata.json" \ + --metadata-file "metadata.json" \ --output-file $SIGNED_STATEMENT_FILE \ - --payload-file /tmp/payload.json \ + --payload-file payload.json \ --payload-location "https://storage.example/$SUBJECT" \ --signing-key-file $SIGNING_KEY \ --subject $SUBJECT @@ -173,28 +170,34 @@ python ${SCRIPTS}create_hashed_signed_statement.py \ 1. Submit the Signed Statement to DataTrails, using the credentials in the `DATATRAILS_CLIENT_ID` and `DATATRAILS_CLIENT_SECRET`. ```bash - python ${SCRIPTS}register_signed_statement.py \ - --signed-statement-file $SIGNED_STATEMENT_FILE \ + python -m datatrails_scitt_samples.scripts.register_signed_statement \ + --signed-statement-file signed-statement.cbor \ --output-file $TRANSPARENT_STATEMENT_FILE \ --log-level INFO ``` + Find and copy the leaf hash from the output. It will look like this: + ``` + INFO:register-statement:Leaf Hash: 30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db + ``` + 1. View the Transparent Statement, as a result of registering the Signed Statement ```bash - python datatrails_scitt_samples/dump_cbor.py \ - --input $TRANSPARENT_STATEMENT_FILE + python -m datatrails_scitt_samples.dump_cbor \ + --input transparent-statement.cbor ``` - + + Following the example above $LEAF should be: + `30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db` ## Retrieve Statements for the Artifact 
@@ -204,11 +207,17 @@ By querying the series of statements, consumers can verify who did what and when 1. Query DataTrails for the collection of statements ```bash - PARAMS="event_attributes.subject=${SUBJECT}&page_size=3" + PARAMS="event_attributes.subject=${SUBJECT}&page_size=1" curl "https://app.datatrails.ai/archivist/v2/publicassets/-/events?${PARAMS}" \ | jq ``` + The events are listed starting with the most recently added. + +{{< note >}} +Coming soon: Filter on specific values, conveyed in the protected header. For example content types, such as what SBOMs have been registered, which issuers have made statements, or custom key value pairs. +{{< /note >}} + ## Summary The quickstart created a collection of statements for a given artifact. From a54749d3153743512d3b5464c4a82f18dfb89256 Mon Sep 17 00:00:00 2001 From: Robin Bryce Date: Wed, 11 Dec 2024 10:17:24 +0000 Subject: [PATCH 02/14] use the restored verify_statement script and update for the improved output format for register_statement --- .../developer-patterns/scitt-api/index.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index f82a8fe6b..c0fe68a44 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -85,8 +85,9 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s # Property used to correlate a collection of statements about an artifact SUBJECT="my-product-id" - # File to store the verifiable event data in - VERIFIABLE_EVENT_FILE="event.json" + # A command which produces a hash, eg sha256sum on linux, or shasum on macos + # The specific algorithm is not important for these examples + HASH_COMMAND=sha256sum ``` ## Create a Signing Key 
@@ -122,7 +123,7 @@ EOF Create metadata with a dictionary of `key:value` pairs. ```bash -HASH=$(shasum "payload.json" | cut -d ' ' -f 1) +HASH=$($HASH_COMMAND "payload.json" | cut -d ' ' -f 1) cat > metadata.json < Date: Wed, 11 Dec 2024 12:02:59 +0000 Subject: [PATCH 03/14] review updates --- .../developer-patterns/scitt-api/index.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index c0fe68a44..fd2dfd614 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -54,7 +54,7 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s 1. Create a Python Virtual Environment for the sample scripts and install the dependencies ```bash - python -m venv venv && \ + python3 -m venv venv && \ source venv/bin/activate && \ trap deactivate EXIT && \ pip install --upgrade pip && \ @@ -90,6 +90,11 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s HASH_COMMAND=sha256sum ``` +{{< note >}} +These defaults will place files in your current working directory. Consider replacing the file paths with absoloute paths to your platforms temporary location. Eg `SIGNING_KEY="/tmp/my-signing-key.pem"` +{{< /note >}} + + ## Create a Signing Key {{< note >}} @@ -142,7 +147,7 @@ The payload may already be stored in another storage/package manager, which can ```bash -python -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ +python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ --content-type "application/json" \ --issuer $ISSUER \ --metadata-file "metadata.json" \ 
@@ -171,8 +176,8 @@ python -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ 1. Submit the Signed Statement to DataTrails, using the credentials in the `DATATRAILS_CLIENT_ID` and `DATATRAILS_CLIENT_SECRET`. ```bash - python -m datatrails_scitt_samples.scripts.register_signed_statement \ - --signed-statement-file signed-statement.cbor \ + python3 -m datatrails_scitt_samples.scripts.register_signed_statement \ + --signed-statement-file $SIGNED_STATEMENT_FILE \ --output-file $TRANSPARENT_STATEMENT_FILE \ --log-level INFO ``` @@ -189,14 +194,14 @@ python -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ 1. View the Transparent Statement, as a result of registering the Signed Statement ```bash - python -m datatrails_scitt_samples.dump_cbor \ + python3 -m datatrails_scitt_samples.dump_cbor \ --input $TRANSPARENT_STATEMENT_FILE ``` 1. Verify the the receipt ```bash - python -m datatrails_scitt_samples.scripts.verify_receipt \ + python3 -m datatrails_scitt_samples.scripts.verify_receipt \ --transparent-statement-file $TRANSPARENT_STATEMENT_FILE \ --leaf $LEAF ``` From 32ee14a2ab3227db1a5d9d3b8d46ed59c542da72 Mon Sep 17 00:00:00 2001 From: Robin Bryce Date: Wed, 11 Dec 2024 12:09:46 +0000 Subject: [PATCH 04/14] add note about session persistence to config section --- content/developers/developer-patterns/scitt-api/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index fd2dfd614..b88b53fff 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md 
@@ -91,7 +91,7 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s ``` {{< note >}} -These defaults will place files in your current working directory. Consider replacing the file paths with absoloute paths to your platforms temporary location. Eg `SIGNING_KEY="/tmp/my-signing-key.pem"` +These defaults will place files in your current working directory. For session persistence, consider replacing the file paths with absolute paths. For example `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` {{< /note >}} From b41b6c3b4feac6bed10e04f54080ebd3924dc9a8 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 07:12:54 -0800 Subject: [PATCH 05/14] Update content/developers/developer-patterns/scitt-api/index.md Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index b88b53fff..3830f8e5b 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -94,7 +94,6 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s These defaults will place files in your current working directory. For session persistence, consider replacing the file paths with absolute paths. For example `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` {{< /note >}} - ## Create a Signing Key {{< note >}} From c18eb9f2162fe1ccfd39879cea8bda75f63aeab5 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 07:14:36 -0800 Subject: [PATCH 06/14] Update content/developers/developer-patterns/scitt-api/index.md Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index 3830f8e5b..73ff1fb3e 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -224,7 +224,8 @@ By querying the series of statements, consumers can verify who did what and when The events are listed starting with the most recently added. {{< note >}} -Coming soon: Filter on specific values, conveyed in the protected header. For example content types, such as what SBOMs have been registered, which issuers have made statements, or custom key value pairs. +Coming soon: Filter on specific values conveyed in the protected header. +For example, content types, such as what SBOMs have been registered, which issuers have made statements or custom key-value pairs. {{< /note >}} ## Summary From 6c3ee091b4c17fc6fa89933de092610b975dadf5 Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 07:14:55 -0800 Subject: [PATCH 07/14] Update content/developers/developer-patterns/scitt-api/index.md Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index 73ff1fb3e..bb8efea4e 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md 
@@ -91,7 +91,9 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s ``` {{< note >}} -These defaults will place files in your current working directory. For session persistence, consider replacing the file paths with absolute paths. For example `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` +These defaults will place files in your current working directory. +For session persistence, consider replacing the file paths with absolute paths. +For example `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` {{< /note >}} ## Create a Signing Key From ee538a084b234f0d6beb6b231a1567bbb952ee7d Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 07:47:58 -0800 Subject: [PATCH 08/14] Update content/developers/developer-patterns/scitt-api/index.md Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index bb8efea4e..c5e3e5ff0 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -207,8 +207,12 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ --leaf $LEAF ``` - Following the example above $LEAF should be: - `30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db` + Following the example above, $LEAF should be: + + ```output + 30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db + ``` + ## Retrieve Statements for the Artifact From c56408c67f06e415460d157316972f7fd74429ec Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 08:15:44 -0800 Subject: [PATCH 09/14] Update content/developers/developer-patterns/scitt-api/index.md 
Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index c5e3e5ff0..8a94bd009 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -186,8 +186,10 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ The last line of the output will include the leaf entry that commits the statement to the merkle log. It will look like ``` - {"entryid": "assets_b9d32c32-8ab3-4b59-8de8-bd6393167450_events_7dd2a825-495e-4fc9-b572-5872a268c8a9", - "leaf": "30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db"} + { + "entryid": "assets_b9d32c32-8ab3-4b59-8de8-bd6393167450_events_7dd2a825-495e-4fc9-b572-5872a268c8a9", + "leaf": "30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db" + } ``` Add the `--log-level DEBUG` flag to help diagnose any issues. From c9fa3bab58c3b95b9e7fed03e5b47a466ad99ede Mon Sep 17 00:00:00 2001 From: Steve Lasker Date: Wed, 11 Dec 2024 08:16:31 -0800 Subject: [PATCH 10/14] Update content/developers/developer-patterns/scitt-api/index.md Signed-off-by: Steve Lasker --- content/developers/developer-patterns/scitt-api/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index 8a94bd009..e85b9322d 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md 
@@ -224,7 +224,7 @@ By querying the series of statements, consumers can verify who did what and when 1. Query DataTrails for the collection of statements ```bash - PARAMS="event_attributes.subject=${SUBJECT}&page_size=1" + PARAMS="event_attributes.subject=${SUBJECT}&page_size=3" curl "https://app.datatrails.ai/archivist/v2/publicassets/-/events?${PARAMS}" \ | jq ``` From 15588056a0f80c0d8a6178ff20c27c2d4e16c729 Mon Sep 17 00:00:00 2001 From: steve lasker Date: Wed, 11 Dec 2024 08:21:45 -0800 Subject: [PATCH 11/14] nit cleanup, working with Robin Signed-off-by: steve lasker --- .../developer-patterns/scitt-api/index.md | 32 ++----------------- 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index e85b9322d..6107f0ba4 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -84,18 +84,8 @@ Clone the [DataTrails SCITT Examples](https://github.com/datatrails/datatrails-s # Property used to correlate a collection of statements about an artifact SUBJECT="my-product-id" - - # A command which produces a hash, eg sha256sum on linux, or shasum on macos - # The specific algorithm is not important for these examples - HASH_COMMAND=sha256sum ``` -{{< note >}} -These defaults will place files in your current working directory. -For session persistence, consider replacing the file paths with absolute paths. -For example `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` -{{< /note >}} - ## Create a Signing Key {{< note >}} @@ -129,10 +119,8 @@ EOF Create metadata with a dictionary of `key:value` pairs. ```bash -HASH=$($HASH_COMMAND "payload.json" | cut -d ' ' -f 1) cat > metadata.json < - ```bash python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ --content-type "application/json" \ 
@@ -185,15 +159,14 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ The last line of the output will include the leaf entry that commits the statement to the merkle log. It will look like - ``` + + ```json { "entryid": "assets_b9d32c32-8ab3-4b59-8de8-bd6393167450_events_7dd2a825-495e-4fc9-b572-5872a268c8a9", "leaf": "30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db" } ``` - Add the `--log-level DEBUG` flag to help diagnose any issues. - 1. View the Transparent Statement, as a result of registering the Signed Statement ```bash @@ -215,7 +188,6 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ 30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db ``` - ## Retrieve Statements for the Artifact The power of SCITT is the ability to retrieve the history of statements made for a given artifact. From a67cc434e47d863e1f34cc64f10f73fffe0f763f Mon Sep 17 00:00:00 2001 From: steve lasker Date: Fri, 13 Dec 2024 16:51:18 -0800 Subject: [PATCH 12/14] Ease passing LEAF to verify_receipt Signed-off-by: steve lasker --- .../developer-patterns/scitt-api/index.md | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index 6107f0ba4..55c45cd35 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md 
@@ -149,12 +149,14 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ ## Register the SCITT Signed Statement on DataTrails 1. Submit the Signed Statement to DataTrails, using the credentials in the `DATATRAILS_CLIENT_ID` and `DATATRAILS_CLIENT_SECRET`. + The `LEAF` is captured on a successful execution for verification. ```bash - python3 -m datatrails_scitt_samples.scripts.register_signed_statement \ - --signed-statement-file $SIGNED_STATEMENT_FILE \ - --output-file $TRANSPARENT_STATEMENT_FILE \ - --log-level INFO + RESPONSE=$(python3 -m datatrails_scitt_samples.scripts.register_signed_statement \ + --signed-statement-file $SIGNED_STATEMENT_FILE \ + --output-file $TRANSPARENT_STATEMENT_FILE \ + --log-level INFO) + echo $RESPONSE ``` The last line of the output will include the leaf entry that commits the statement to the merkle log. @@ -179,15 +181,31 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ ```bash python3 -m datatrails_scitt_samples.scripts.verify_receipt \ --transparent-statement-file $TRANSPARENT_STATEMENT_FILE \ - --leaf $LEAF + --leaf $(jq -r .leaf <<<"$RESPONSE") ``` - Following the example above, $LEAF should be: + The verification should pass with: ```output - 30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db + verification passed ``` +1. Simulate a failed verification, by altering the `.leaf` value + + ```bash + + python3 -m datatrails_scitt_samples.scripts.verify_receipt \ + --transparent-statement-file $TRANSPARENT_STATEMENT_FILE \ + --leaf $(jq -r .leaf <<<"$RESPONSE")"-foo" + ``` + + The verification should fail with: + + ```output + ERROR:verify-receipt:failed to parse leaf hash + ``` + + ## Retrieve Statements for the Artifact The power of SCITT is the ability to retrieve the history of statements made for a given artifact. From adb291e56ffb96b51a9df928f837843877d68b7c Mon Sep 17 00:00:00 2001 
From: steve lasker Date: Fri, 13 Dec 2024 16:52:31 -0800 Subject: [PATCH 13/14] md formatting Signed-off-by: steve lasker --- content/developers/developer-patterns/scitt-api/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index 55c45cd35..bb9216dae 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md @@ -205,7 +205,6 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ ERROR:verify-receipt:failed to parse leaf hash ``` - ## Retrieve Statements for the Artifact The power of SCITT is the ability to retrieve the history of statements made for a given artifact. From ab62936378fe306dca093f38c25e4ca02b3b0de1 Mon Sep 17 00:00:00 2001 From: Robin Bryce Date: Mon, 16 Dec 2024 10:12:43 +0000 Subject: [PATCH 14/14] correct the example for verification failed --- .../developers/developer-patterns/scitt-api/index.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/content/developers/developer-patterns/scitt-api/index.md b/content/developers/developer-patterns/scitt-api/index.md index bb9216dae..8205cad18 100644 --- a/content/developers/developer-patterns/scitt-api/index.md +++ b/content/developers/developer-patterns/scitt-api/index.md 
@@ -187,24 +187,30 @@ python3 -m datatrails_scitt_samples.scripts.create_hashed_signed_statement \ The verification should pass with: ```output - verification passed + verification succeeded ``` 1. Simulate a failed verification, by altering the `.leaf` value + As all entries in a log are unique, if you use the leaf value from the example above verbatim, it will *fail* to verify + ```bash python3 -m datatrails_scitt_samples.scripts.verify_receipt \ --transparent-statement-file $TRANSPARENT_STATEMENT_FILE \ - --leaf $(jq -r .leaf <<<"$RESPONSE")"-foo" + --leaf "30f5650fbe3355ca892094a3fbe88e5fa3a9ae47fe3d0bbace348181eb2b76db" ``` The verification should fail with: ```output - ERROR:verify-receipt:failed to parse leaf hash + verification failed ``` + A more representative example, which includes computing the leaf hash from the event details, can be found in the [tests for the verification script](https://github.com/datatrails/datatrails-scitt-samples/blob/main/tests/test_verify_receipt.py#L52) + + + ## Retrieve Statements for the Artifact The power of SCITT is the ability to retrieve the history of statements made for a given artifact.
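
Review bot: In PATCH 01/14, hunk `@@ -74,22 +74,19 @@`, `SIGNING_KEY="my-signing-key.pem"` now writes the private signing key into the current working directory, and the preceding step has the reader clone the samples repository, so the key can end up inside a git checkout. Add a sentence telling readers to keep the key file out of version control and to restrict it to the owner (for example `chmod 600 my-signing-key.pem`). The same hunk adds `VERIFIABLE_EVENT_FILE="event.json"`, which none of the commands visible in this patch reference; either use it or drop it.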
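
Review bot: In PATCH 01/14, hunk `@@ -173,28 +170,34 @@`, the register step replaces `$SIGNED_STATEMENT_FILE` with the literal `signed-statement.cbor` while the next line still passes `--output-file $TRANSPARENT_STATEMENT_FILE`, and the dump step hard-codes `transparent-statement.cbor`. A reader who changes the variables in the configuration block will register or dump the wrong file, so keep the variables in both commands. The closing text also refers to `$LEAF`, which no visible step assigns; show the assignment, for example `LEAF=<value copied from the Leaf Hash line>`, before it is used.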
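
Review bot: In PATCH 01/14, hunk `@@ -204,11 +207,17 @@`, `page_size=1` returns a single event while the step is titled "Query DataTrails for the collection of statements" and the section is about retrieving the history for an artifact. Either keep a page size that shows more than one statement or reword the step to say it fetches only the most recent one, which is what the added sentence about ordering implies.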
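
Review bot: In PATCH 02/14, the comment above `HASH_COMMAND=sha256sum` offers `shasum` as the macOS equivalent, but `shasum` with no arguments computes SHA-1, so the two platforms would produce digests from different algorithms for the same `payload.json`. Since `HASH` is computed immediately before `metadata.json` is written, suggest the equivalent form in the comment, `HASH_COMMAND="shasum -a 256"`, and drop "The specific algorithm is not important" so readers do not carry a SHA-1 digest into a signed statement. The unquoted `$HASH_COMMAND` in `HASH=$($HASH_COMMAND "payload.json" | cut -d ' ' -f 1)` is what lets a value with arguments work, which deserves a short comment.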
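
Review bot: In PATCH 03/14, hunk `@@ -90,6 +90,11 @@`, the new note recommends `SIGNING_KEY="/tmp/my-signing-key.pem"`, which points a private key at a shared temporary directory and reverses the first patch in this series, whose message says `/tmp` breaks the examples on macOS. Pick a per-user location for the example instead. The same note has "absoloute" for "absolute" and "platforms" for "platform's", and the context line "1. Verify the the receipt" in hunk `@@ -189,14 +194,14 @@` has a doubled word that could be fixed while this file is being touched.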
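
Review bot: In PATCH 04/14, the replacement note suggests `SIGNING_KEY="$HOME/.datatrails/my-signing-key.pem"` without saying that `$HOME/.datatrails` has to exist before the key is written there. Add the directory creation to the note and make it private to the user, for example `mkdir -p "$HOME/.datatrails" && chmod 700 "$HOME/.datatrails"`, so the suggested path works as written and the key is not readable by other accounts.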
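
Review bot: In PATCH 09/14, the sample output is reflowed into a four-line JSON object, but the unchanged sentence directly above it still says "The last line of the output will include the leaf entry". If the script prints the object on one line, show it on one line so the sample matches what readers see; if the multi-line form is kept for readability, change the sentence to say the output ends with a JSON object and that the sample is pretty-printed.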
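
Review bot: In PATCH 11/14, the subject "nit cleanup" does not match a change that removes 30 lines, including the `HASH_COMMAND` setting, the note about where files are placed, and the sentence "Add the `--log-level DEBUG` flag to help diagnose any issues." The configuration block still uses relative file names after this patch, so the removed note was the only place telling readers that files land in the working directory. Keep that note and the troubleshooting hint, or state in the commit message why they are dropped.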
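
Review bot: In PATCH 12/14, hunk `@@ -149,12 +149,14 @@`, `RESPONSE=$(...)` captures everything the script writes to stdout while `--log-level INFO` is still set, and the text below says the leaf entry is on "the last line of the output". If any log line reaches stdout, the later `jq -r .leaf <<<"$RESPONSE"` will be parsing more than one JSON document and will fail. State that logs go to stderr, or take only the last line, for example `RESPONSE=$(... | tail -n 1)`. Also quote the echo as `echo "$RESPONSE"` so the shell does not re-split the captured text.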
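
Review bot: In PATCH 12/14, hunk `@@ -179,15 +181,31 @@`, the "failed verification" step appends `"-foo"` to the leaf, and the expected output `ERROR:verify-receipt:failed to parse leaf hash` shows the script rejecting malformed input rather than a receipt failing to verify. Use a well-formed but different leaf value so the step exercises the proof check. In both commands `--leaf $(jq -r .leaf <<<"$RESPONSE")` is unquoted and unchecked; assign it first with `LEAF=$(jq -r .leaf <<<"$RESPONSE")`, confirm it is not empty or `null`, and pass `--leaf "$LEAF"`. The stray blank line after the opening code fence of the new step can go.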
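
Review bot: In PATCH 14/14, the added link to `blob/main/tests/test_verify_receipt.py#L52` pins a line number on a moving branch, so it will point at unrelated code as soon as that test file changes. Link to the file at a specific commit, or link without the line anchor and name the test. The hunk also adds three trailing blank lines before "## Retrieve Statements for the Artifact", undoing the formatting fix in PATCH 13/14, and the new sentence ending "it will *fail* to verify" is missing its full stop.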