apptainer-verify - Man Page

• Verify a container image using the default PGP keyring: apptainer verify path/to/image.sif
• Verify a container image using a specific public key file: apptainer verify --key path/to/public.pem path/to/image.sif
• Verify a container image using a certificate file: apptainer verify --certificate path/to/certificate.pem path/to/image.sif
• Verify all objects in the image: apptainer verify [-a|--all] path/to/image.sif
• Verify a specific object group within the image: apptainer verify [-g|--group-id] group_id path/to/image.sif
• Verify a specific object by ID within the image: apptainer verify [-i|--sif-id] object_id path/to/image.sif
• Output verification results in JSON format: apptainer verify [-j|--json] path/to/image.sif
• Display help: apptainer verify [-h|--help]

tldr.sh

apptainer verify [verify options...]

The verify command allows a user to verify one or more digital signatures
 within a SIF image.

Key material can be provided via PEM-encoded file, or via the PGP keyring. To
 manage the PGP keyring, see 'apptainer help key'.

-a, --all[=false] verify all objects

--certificate="" path to the certificate

--certificate-intermediates="" path to pool of intermediate certificates

--certificate-roots="" path to pool of root certificates

-g, --group-id=0 verify objects with the specified group ID

-h, --help[=false] help for verify

-j, --json[=false] output json

--key="" path to the public key file

--legacy-insecure[=false] enable verification of (insecure) legacy signatures

-l, --local[=false] only verify with local key(s) in keyring

--ocsp-verify[=false] enable online revocation check for certificates

-i, --sif-id=0 verify object with the specified ID

-u, --url="" specify a URL for a key server

  Verify with a public key:
  $ apptainer verify --key public.pem container.sif

  Verify with PGP:
  $ apptainer verify container.sif

apptainer(1)

2-Feb-2026 Auto generated by spf13/cobra

apptainer(1).