Cosign Errors and Solutions

UNAUTHORIZED Error

Error Message

Error Message: Error: signing [$IMAGE]: recursively signing: signing digest: POST https://index.docker.io/v2/$IMAGE/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:$IMAGE Type:repository] map[Action:push Class: Name:$IMAGE Type:repository]]

main.go:52: error during command execution: signing [$IMAGE/loginpage]: recursively signing: signing digest: POST https://index.docker.io/v2/$IMAGE/blobs/uploads/: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:$IMAGE Type:repository] map[Action:push Class: Name:$IMAGE Type:repository]]

Problem

This issue occurs when the user is not logged into either the Docker registry or the local registry.

Solution

If the image is available in the Docker registry, use the docker login command.

If the image is available in the local registry, use the command: docker login localhost(server_hostname):<port>.

No such File or Directory Error

Error Message

Error: signing [<image_name>]: getting signer: reading key: opening pkcs11 token key: access modulePath: stat /home/<username>/AppViewX Sign /AVXPKCS11.so: no such file or directory

main.go:52: error during command execution: signing [<image_name>]: getting signer: reading key: opening pkcs11 token key: access modulePath: stat /home/<username>/AppViewX Sign /AVXPKCS11.so: no such file or directory

Problem

Cosign does not recognize the + character directly; instead, it recognizes its URL-encoded equivalent %2B.

Solution

This command lists the PKCS11 Key URIs

<path to cosign executable> pkcs11-tool list-keys-uris --module-path "/home/username/AppViewX Sign+/AVXPKCS11.so" --slot-id 0 --pin 12345678

Replace + with %2B in the URI while using the URI in the signing commands.