Lib.rs

CachingSigstore
#sigstore #rekor #transparency #log-index #signature #logging #uuid #log-entries #checkpoint #client-for-sigstore

sigstore-rekor

Rekor transparency log client for Sigstore

Owned by Wolf Vollprecht, Bas Zalmstra.

11 releases (5 breaking)

new 0.6.4 Mar 6, 2026
0.6.1 Jan 26, 2026
0.6.0 Dec 8, 2025
0.4.0 Nov 28, 2025

#341 in Caching

Download history 8/week @ 2025-11-21 61/week @ 2025-11-28 93/week @ 2025-12-05 301/week @ 2025-12-12 105/week @ 2025-12-19 191/week @ 2025-12-26 262/week @ 2026-01-02 384/week @ 2026-01-09 525/week @ 2026-01-16 338/week @ 2026-01-23 676/week @ 2026-01-30 907/week @ 2026-02-06 1611/week @ 2026-02-13 4023/week @ 2026-02-20 4565/week @ 2026-02-27

11,218 downloads per month
Used in 10 crates (3 directly)

Apache-2.0

200KB
4K SLoC

sigstore-rekor

Rekor transparency log client for sigstore-rust.

Overview

This crate provides a client for Rekor, Sigstore's transparency log. Rekor provides an immutable, append-only ledger of signed software artifacts, enabling verification that signatures were created at a specific time and have not been tampered with.

Features

  • Log entry creation: Submit signatures and attestations to Rekor
  • Entry retrieval: Fetch log entries by UUID, log index, or search criteria
  • Entry types: Support for HashedRekord and DSSE entry types
  • Inclusion proofs: Retrieve cryptographic proofs of log inclusion
  • Log info: Query current log state and checkpoints

Entry Types

Type Description
hashedrekord Hash and signature over arbitrary content
dsse DSSE envelope with in-toto attestations

Usage

use sigstore_rekor::RekorClient;

let client = RekorClient::production();

// Create a log entry
let entry = client.create_entry(&hashedrekord).await?;

// Retrieve an entry
let entry = client.get_entry_by_uuid(&uuid).await?;

// Search for entries
let entries = client.search_by_hash(&artifact_hash).await?;

Used by:

License

BSD-3-Clause

Dependencies

~89MB
~2M SLoC