Notarize digital objects

Created by Xinxiang Wang, Modified on Fri, 15 Dec, 2023 at 8:24 AM by Xinxiang Wang

To notarize digital objects, use the vcn notarize command. Notarization of assets means recording their hashes in the ledger in Trustcenter along with the status of the asset. By default, the status is trusted. To change the status of an asset to unsupported or untrusted, use the vcn unsupport or vcn untrust commands. Syntax of all these commands is the same.

$ vcn notarize <asset>
$ vcn unsupport <asset>
$ vcn untrust <asset>

You can use short form of the command:

$ vcn n instead of vcn notarize
$ vcn ut instead of vcn untrust
$ vcn us instead of vcn unsupport

You can notarize different types of objects:

$ vcn notarize file://<filename>

$ vcn notarize dir://<directory>

$ vcn notarize image://<imageId>:<tag> (eg. vcn n image://open-liberty:latest)

$ vcn notarize docker://<imageId> (deprecated, please use image)

$ vcn notarize podman://<imageId>

$ vcn notarize git://<path_to_git_repo>

$ vcn notarize --hash <hash>

Notarization can also be done using bulk mode and CSV file containing
hashes, artifact names and optional list of labels. The format of csv
file is as follows:

<hash>,<name>,<semicolon separated list of labels>

example:

FfBaFcAdbbCEADfFfEFfaeceEFdEAbfaBCCeBCeEdACAFAfDaadCEFACDCDcAFBE,test61504536,label33;attr433 dAdeceBEbCbbbaDCACBfaAfAebDFdeBBdcaFaEcBCBFDAcfeCDCDFAFFDBEDbfdB,test61504537,label39;attr39 DfaAbFCAffDEFEdDfCBCdBefAdfbBbEFDddcbbADfFCCAaaDeaBfBceAdbbFDCCA,test61504538,label46;attr146

To run notarization with import file:

$ vcn notarize --import-file myFile.csv

More information on notarization with SBOM is in the SBOM chapter.