add sha256:... as alternative way to specify a blob

[wolfv]

Hey, looking for some early feedback on this change to make validation of blobs without providing the actual blob easier.

Summary

With this change, one can validate blobs without the blob - just by sha256:<hash>.

Release Note

• Allow passing a hash instead of an actual blob / file by using sha256:<hash>.

[haydentherapper]

@woodruffw, @kommendorkapten and I had a discussion in sigstore/protobuf-specs#444. There was some concern that providing only the hash of an attestation would lead to a lack of verification of the document itself.

[wolfv]

Sure, but in our case the server application already checks the hash and we don't want to send the file around to the microservice to validate the signature :)

Also sigstore-python already supports this.

But also fine with me if it isn't accepted!

[woodruffw]

Hey @wolfv! Good to see you 🙂

Per sigstore/protobuf-specs#444, I think there are two subtly different cases here: when doing a "bare" verification (cosign verify-blob) having a hash instead of an artifact is OK, since the signature is over a "bare" payload and the hash is equivalently binding to it.

However, in the attestation verification context, just a hash is insufficient (since it binds to the subject's digest, but not the subject's name.

So, I think cosign could support sha256:... in the "bare" case, but forbid it for the attestation case. OTOH, I could see that being confusing for users -- I'm curious what @haydentherapper thinks.

(In sigstore-python we allow sha256:... in both cases, which was arguably a mistake 😅 -- I'm going to investigate removing or augmenting it in the next stable release. In particular, if we decide to keep it, I'll likely add some kind of required --subject flag to complement the digest.)