The cryptographic signing problem
Signing a software artefact (container image, binary, SBOM, Git commit) lets the consumer verify its provenance and integrity. Historically, adoption has been held back by private key management:
- Who generates the key?
- Where is it stored?
- How is it protected from compromise?
- How is it rotated?
- How is it revoked if compromised?
For open source projects with many distributed maintainers, these questions have no easy operational answer. The result: signing has been uncommon.
Sigstore
Sigstore, launched in March 2021 and sponsored by Red Hat, Google, Purdue University, Chainguard and others under the Linux Foundation, answers the problem with an innovative idea: signing with ephemeral keys tied to an OIDC identity.
On 17 October 2022 Sigstore reached General Availability with stable public services. Apache 2.0 licence.
The three components
cosign
The CLI client. Signs and verifies:
- Container images (OCI registry)
- Software artefacts (binaries, tarballs)
- SBOMs (SPDX, CycloneDX)
- Helm charts
Operating modes:
- Keyless (recommended) — uses the maintainer’s OIDC identity
- Key-based — traditional keys, for compatibility
Fulcio
Certificate authority, operated by Sigstore, that issues short-lived certificates. Flow:
- Maintainer runs cosign sign container-image:tag
- cosign opens the browser for OIDC authentication (Google, GitHub, Microsoft, GitLab)
- Fulcio issues an X.509 certificate with 10-minute validity, bound to the OIDC identity
- cosign signs the artefact with the private key, which is discarded after signing
- The signature and the certificate are published to Rekor
The maintainer never manages persistent keys: each signing key is ephemeral, and the identity is the OIDC one.
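The consequence of that flow for the verifier is easy to get wrong: by the time anyone checks a signature, the 10-minute certificate has usually expired, so the check is not "is the certificate valid now" but "did Rekor record the signature while the certificate was valid, and does the certificate carry the identity and OIDC issuer we expect". The following is an added example, not Sigstore or cosign code, that models exactly those policy checks on constructed data; the identity, issuer URL and artefact bytes are assumptions, and the ECDSA signature check over the digest (which cosign performs) is deliberately not modelled.

```python
"""Added example: the policy checks a verifier applies to a Sigstore keyless
signature, modelled on constructed data. The ECDSA signature check over the
artefact digest is not modelled (cosign performs it); the four checks below
are the ones that decide whether an ephemeral-key signature is trusted."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class FulcioCert:
    """Fields a verifier reads from the Fulcio-issued X.509 certificate."""
    subject_identity: str   # SAN taken from the OIDC token (e-mail or workflow URI)
    oidc_issuer: str        # OIDC issuer recorded by Fulcio in the certificate
    not_before: datetime
    not_after: datetime     # ten minutes after not_before


@dataclass
class RekorEntry:
    """The parts of a Rekor record that the verifier consults."""
    artefact_sha256: str
    certificate: FulcioCert
    integrated_time: datetime   # when Rekor accepted the entry


def verify_keyless(artefact: bytes, entry: RekorEntry,
                   expected_identity: str, expected_issuer: str) -> list:
    """Return the list of policy failures; an empty list means 'accept'.

    Note what is *not* checked: the current time. The certificate has normally
    expired long before anyone verifies, so the test is whether Rekor logged
    the signature while the certificate was still valid.
    """
    failures = []
    if hashlib.sha256(artefact).hexdigest() != entry.artefact_sha256:
        failures.append("artefact digest does not match the log entry")
    cert = entry.certificate
    if cert.subject_identity != expected_identity:
        failures.append("certificate identity is not the expected signer")
    if cert.oidc_issuer != expected_issuer:
        failures.append("certificate was issued for a different OIDC provider")
    if not cert.not_before <= entry.integrated_time <= cert.not_after:
        failures.append("Rekor integration time is outside certificate validity")
    return failures


# Constructed sample data (hypothetical identity, issuer and artefact).
ARTEFACT = b"constructed artefact bytes: container image manifest"
T0 = datetime(2022, 10, 17, 10, 0, tzinfo=timezone.utc)
CERT = FulcioCert("maintainer@example.com", "https://accounts.google.com",
                  T0, T0 + timedelta(minutes=10))


def make_entry(minutes_after_issue: int, artefact: bytes = ARTEFACT) -> RekorEntry:
    """Constructed Rekor entry integrated N minutes after certificate issue."""
    return RekorEntry(hashlib.sha256(artefact).hexdigest(), CERT,
                      T0 + timedelta(minutes=minutes_after_issue))


if __name__ == "__main__":
    # Logged three minutes after issue: accepted, even though the certificate
    # expired long before this verification runs.
    print(verify_keyless(ARTEFACT, make_entry(3),
                         "maintainer@example.com", "https://accounts.google.com"))
    # Logged fifteen minutes after issue: outside the 10-minute window.
    print(verify_keyless(ARTEFACT, make_entry(15),
                         "maintainer@example.com", "https://accounts.google.com"))
    # Right signer name, but the policy expects a different OIDC provider.
    print(verify_keyless(ARTEFACT, make_entry(3),
                         "maintainer@example.com", "https://github.com/login/oauth"))
```

The issuer check is the one most often skipped in practice: the same e-mail address can be asserted by different identity providers, so a verification policy pins both the identity and the issuer, which is why cosign's verify command takes both values.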
Rekor
Public append-only transparency log built on a Merkle tree (the same design as Certificate Transparency). Every Sigstore signature is inserted into Rekor with:
- Artefact hash
- Signature + Fulcio certificate
- Timestamp
- Inclusion index
Verifiers can:
- Take a container image
- Compute its hash
- Look up the hash in Rekor
- Confirm it was signed by the expected identity
The log is trustworthy by design: retroactive modifications would break Merkle proofs and be detectable.
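To make "retroactive modifications would break Merkle proofs" concrete, here is an added example (not Rekor's code) of the RFC 6962 Merkle tree that Rekor and Certificate Transparency share: leaf and node hashes are domain-separated, an inclusion proof is the list of sibling hashes from a leaf up to the root, and a verifier holding only the published tree head can check that an entry is in the log. The five log entries are constructed; the tree shape, hashing and the proof algorithm (RFC 6962 section 2.1, verification as written in RFC 9162 section 2.1.3.2) are the standard ones.

```python
"""Added example: the RFC 6962 Merkle tree behind Rekor, with inclusion proofs.
Log entries are constructed; hashing, tree shape and proof algorithm are standard."""
import hashlib
import json


def leaf_hash(data: bytes) -> bytes:
    """RFC 6962 leaf hash: 0x00 prefix keeps leaves distinct from interior nodes."""
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash: 0x01 prefix, so a leaf cannot pose as a node."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_root(leaves: list) -> bytes:
    """Merkle tree head (MTH) over the leaf data."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = _split(n)
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: list, m: int) -> list:
    """Audit path for leaf m: the sibling hashes needed to rebuild the root."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, size: int,
                     proof: list, root: bytes) -> bool:
    """Recompute the root from one leaf and its audit path (RFC 9162 2.1.3.2).
    The verifier needs the leaf, the proof and the published tree head only,
    never the rest of the log."""
    if index >= size:
        return False
    fn, sn = index, size - 1
    r = leaf_hash(leaf)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)           # sibling is on the left
            if not fn & 1:
                while True:               # climb past the missing right subtrees
                    fn >>= 1
                    sn >>= 1
                    if fn & 1 or fn == 0:
                        break
        else:
            r = node_hash(r, p)           # sibling is on the right
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def entry(artefact_sha256: str, identity: str, integrated_time: str) -> bytes:
    """Canonical encoding of a constructed log entry (what gets leaf-hashed)."""
    return json.dumps({"hash": artefact_sha256, "identity": identity,
                       "time": integrated_time}, sort_keys=True).encode()


# Constructed five-entry log; five leaves exercise the uneven (4 + 1) split.
LOG = [entry(hashlib.sha256(b"artefact-%d" % i).hexdigest(),
             "maintainer@example.com", "2022-10-17T10:0%d:00Z" % i)
       for i in range(5)]
ROOT = merkle_root(LOG)   # the published, signed tree head


def tamper_detected(index: int) -> bool:
    """Rewrite the signer identity on one entry: its proof against the
    published root must no longer verify."""
    forged = entry(hashlib.sha256(b"artefact-%d" % index).hexdigest(),
                   "other@example.com", "2022-10-17T10:0%d:00Z" % index)
    return not verify_inclusion(forged, index, len(LOG),
                                inclusion_proof(LOG, index), ROOT)


if __name__ == "__main__":
    for i in range(len(LOG)):
        ok = verify_inclusion(LOG[i], i, len(LOG), inclusion_proof(LOG, i), ROOT)
        print(f"entry {i}: included={ok} tamper_detected={tamper_detected(i)}")
```

The detection property rests on the tree head being published and witnessed: a log operator who could quietly re-issue a new root after editing an entry would defeat the check, which is why tree heads are signed and why consistency proofs between successive heads matter as much as inclusion proofs.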
Gitsign
Tool for signing Git commits with Sigstore instead of GPG: git commit -S, with gitsign configured as the gpg program. Benefits:
- No GPG key management (notoriously cumbersome)
- Commit identity linked to OIDC (your @company.com, @github.com)
- Commit verification via Rekor log
Adoption
At its October 2022 GA, Sigstore already had significant adoption:
- Kubernetes — all releases Sigstore-signed
- npm — package signing (first signed packages)
- Python Package Index (PyPI) — in rollout
- GitHub — GitHub Actions publishes Sigstore provenance on artefacts
- Distroless images (Google) — signed
- Homebrew — planning integration
Regulatory
Sigstore meets SLSA level 3+ requirements on artefact provenance. It is cited in:
- Executive Order 14028 (USA, 2021) for software supply chain
- CISA Secure Software Development Framework
- EU Cyber Resilience Act (2022 proposal)
In the Italian context
As of 2022, Sigstore adoption in Italy is still at an early stage:
- Advanced DevOps teams on K8s — integrate cosign in pipelines
- Software houses with US export — enable Sigstore for EO 14028 compliance
- PA — watching, slower adoption
References: Sigstore GA (17 October 2022). Linux Foundation, Red Hat, Google, Purdue University, Chainguard. Apache 2.0 licence. Components: cosign, Fulcio (CA), Rekor (transparency log), gitsign. OIDC (Google, GitHub, Microsoft). Integration: Kubernetes, npm, PyPI, GitHub Actions.