sigstore-merkle
| Crates.io | sigstore-merkle |
| lib.rs | sigstore-merkle |
| version | 0.6.0 |
| created_at | 2025-11-27 10:21:12.624635+00 |
| updated_at | 2025-12-17 09:08:06.460662+00 |
| description | RFC 6962 Merkle tree verification for Sigstore |
| homepage | |
| repository | https://github.com/wolfv/sigstore-rust |
| max_upload_size | |
| id | 1953462 |
| size | 115,002 |
Wolf Vollprecht (wolfv)
documentation
README
sigstore-merkle
RFC 6962 Merkle tree verification for sigstore-rust.
Overview
This crate implements Merkle tree operations as specified in RFC 6962 (Certificate Transparency). It provides inclusion proof verification for transparency logs like Rekor.
Features
- Inclusion proof verification: Verify that an entry exists in a Merkle tree
- Hash chaining: RFC 6962 compliant hash computation for tree nodes
- Proof path validation: Verify proof paths against known root hashes
Usage
use sigstore_merkle::verify_inclusion;
use sigstore_types::Sha256Hash;
// Verify an inclusion proof
verify_inclusion(
leaf_index,
tree_size,
&proof_hashes,
&root_hash,
&leaf_hash,
)?;
Background
Merkle trees in transparency logs allow clients to verify that:
- A specific entry exists in the log (inclusion proof)
- The log is append-only and consistent (consistency proof)
This crate focuses on inclusion proof verification, which is the primary operation needed for Sigstore bundle verification.
Related Crates
Used by:
sigstore-verify- Verifies inclusion proofs in bundlessigstore-bundle- Bundle validation
License
BSD-3-Clause