Update image-verification.md (#23)

Signed-off-by: caroldelwing <[email protected]>
spectrocloud · Jan 9, 2024 · 456fbf1 · 456fbf1
1 parent 7396c46
commit 456fbf1
Showing 1 changed file with 6 additions and 12 deletions.
diff --git a/docs/image-verification.md b/docs/image-verification.md
@@ -3,11 +3,8 @@
 The Spectromate container image is signed using [Sigstore's](https://sigstore.dev/) Cosign. The container image is signed using a cryptographic key pair that is private and stored internally. The public key is available in the official Spectro Cloud documentation repository at [**static/cosign.pub**](https://raw.githubusercontent.com/spectrocloud/librarium/master/static/cosign.pub). Use the public key to verify the authenticity of the container image. You can learn more about the container image signing process by reviewing the [Signing Containers](https://docs.sigstore.dev/signing/signing_with_containers) documentation page.
 
 
-:::info
-
-Cosign generates a key pair that uses the ECDSA-P256 algorithm for the signature and SHA256 for hashes. The keys are stored in PEM-encoded PKCS8 format.
-
-:::
+> [!NOTE]
+> Cosign generates a key pair that uses the ECDSA-P256 algorithm for the signature and SHA256 for hashes. The keys are stored in PEM-encoded PKCS8 format.
 
 
 Use the following command to verify the authenticity of the container image. Replace the image tag with the version you want to verify.
@@ -20,7 +17,7 @@ ghcr.io/spectrocloud/spectromate:v1.0.7
 If the container image is valid, the following output is displayed. The example output is formatted using `jq` to improve readability.
 
 ```shell hideClipboard
-Verification for ghcr.io/spectrocloud/librarium:nightly --
+Verification for ghcr.io/spectrocloud/spectromate:v1.0.7 --
 The following checks were performed on each of these signatures:
   - The cosign claims were validated
   - Existence of the claims in the transparency log was verified offline
@@ -56,11 +53,8 @@ The following checks were performed on each of these signatures:
 ```
 
 
-:::danger
-
-Do not use the container image if the authenticity cannot be verified. Verify you downloaded the correct public key and that the container image is from `ghcr.io/spectrocloud/spectromate`.
-
-:::
+> [!CAUTION]
+> Do not use the container image if the authenticity cannot be verified. Verify you downloaded the correct public key and that the container image is from `ghcr.io/spectrocloud/spectromate`.
 
 If the container image is not valid, an error is displayed. The following example shows an error when the container image is not valid.
 
@@ -87,4 +81,4 @@ zFEMG++p4q8Mf+y2gp7Ae4oUaXk6Q9V7aVjjltRVN6SQcoSASxf2H2EpgA==
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYHrc2WIE3apKLmcxlFFHyVQCQZWh
 2+al5W/VMlPr3u4EZ/V/GOBm6+Y9gF3Us3twueXYgdYeFo5o7BUn70MPPw==
 -----END PUBLIC KEY-----
-```
+```