Command line users
If you are familiar with tools like curl/wget please try using our Asset Transparency aware command-line tool called tl. This tool can download and verify files like curl/wget or verify existing files like sha256sum -c but with an integrated Asset Transparency log backed experience.
wget https://example.com/example-v1.0.0.zip
tl verify https://example.com/example-v1.0.0.zip example-v1.0.0.zip
Not familiar with the command line? Asset Transparency is still early in its development and has yet to be integrated into non-developer tools like browsers (though we would love to see it!). Please subscribe to our newsletter at transparencylog.com for updates.
Learn how to download and install tl for macOS, Linux, and Windows.
Developers and publishers
If you are publishing assets on the web (e.g. software releases, important public documents, etc) the best way to get involved in Asset Transparency is by adding the URLs to assets you control to Asset Transparency as soon as you publish. This is important for two reasons:
- Verifying your URLs entry in the Asset Transparency log before circulating the URL ensures that if there is an issue with the log entry it is caught by you instead of a consumer.
- Adding URLs to Asset Transparency soon after they are published provides a greater protection to users that are using an Asset Transparency aware client. The sooner a URL is entered the longer it can protect people consuming a URL from unexpected content modification.
See our page on Software Release Process Integration documentation.
Future Use Cases
These are directions we think Asset Transparency can go into the future; and we would love to start discussions about them.
See some of the ideas and questions about package manager (pypi, npm, etc) and web browsers.