From f3b63b719490edf870d76aed3267949440efaece Mon Sep 17 00:00:00 2001
From: Ramon Petgrave <ramon.petgrave64@gmail.com>
Date: Sat, 22 Jun 2024 00:39:13 +0000
Subject: [PATCH] reword simple hash

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
---
 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 785aa14..86031a8 100644
--- a/README.md
+++ b/README.md
@@ -489,8 +489,7 @@ accomodate subjects that are not simple-files.
 
 This experimental support does not work yet with VSAs wrapped in Sigstore bundles, only with simple DSSE envelopes.
 With that, we allow the user to pass in the public key.
-Note that if the DSSE Envelope `signatures` specifies a `keyid` that is not a simple hash of the key (not a well-known identifier, e.g, `my-kms:prod-vsa-key`), then you
-must supply the `--public-key-id` cli option.
+Note that if the DSSE Envelope `signatures` specifies a `keyid` that is not a unpadded base64 encoded sha256 hash the key, like `sha256:abc123...` (not a well-known identifier, e.g, `my-kms:prod-vsa-key`), then you must supply the `--public-key-id` cli option.
 
 To verify VSAs, invoke like this