From 72173b2e974315e09f7cde62ab8ef86fe32df519 Mon Sep 17 00:00:00 2001
From: Thibault Meunier <thibault@cloudflare.com>
Date: Mon, 28 Oct 2024 09:44:49 +0100
Subject: [PATCH] Document manual pass of the public key

Using `--verifying-key`, it's possible to manually pass a verifying key
to plexi cli.
This commit documents this behaviour in the README, similar to how it's
done in `plexi audit --help`

Close #13
---
 README.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d58a5a9..74bcc4e 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Plexi is a flexible auditor for [Key Transparency systems](https://blog.cloudfla
 
 Use the `--help` option for more details about the commands and their options.
 
-```bash
+```shell
 plexi [OPTIONS] <COMMAND>
 ```
 
@@ -65,6 +65,7 @@ The Key Transparency Auditor vouches for Log validity by ensuring epoch uniquene
 `plexi audit` provides information about a given epoch and its validity. It can perform a local audit to confirm the auditor behaviour.
 
 For instance, to verify WhatsApp Log auditted by Cloudflare Auditor, run the following:
+
 ```shell
 > plexi audit --remote-url 'https://plexi.key-transparency.cloudflare.com' --namespace 'whatsapp.key-transparency.v1' --long
 Namespace
@@ -79,6 +80,15 @@ Signature (2024-09-23T16:53:45Z)
   Proof verification	: success
 ```
 
+If you already know the auditor verifying key, you can pass it via `--verifying-key`. Plexi will verify that the key is advertised by the auditor, and that the signature is valid against it.
+
+```shell
+plexi audit \
+  --remote-url 'https://plexi.key-transparency.cloudflare.com' \
+  --namespace 'whatsapp.key-transparency.v1' \
+  --verifying-key '2bbfbb39997fdb95feee40ef9f8827de0256732be06f64ed6408cc7e97c7f4d4'
+```
+
 ## Conduct
 
 Plexi and Cloudflare OpenSource generally follows the [Contributor Covenant Code of Conduct](https://github.com/cloudflare/.github/blob/26b37ca2ba7ab3d91050ead9f2c0e30674d3b91e/CODE_OF_CONDUCT.md). Violating the CoC could result in a warning or a ban to Plexi or any and all repositories in the Cloudflare organization.