First stable release of the Sigstore cryptographic verification system published

Google has announced the formation of the first stable release of the products developed by the Sigstore project, which has been declared ready for production use. Sigstore develops tools and services for verifying software by means of digital signatures and maintains a public log that confirms the authenticity of changes (a transparency log). The project is being developed under the auspices of the non-profit Linux Foundation by Google, Red Hat, Cisco, VMware, GitHub and HP Enterprise, with the participation of the OpenSSF (Open Source Security Foundation) organisation and Purdue University.

Sigstore can be thought of as Let's Encrypt for code: it provides certificates for digitally signing code and tools that automate verification. With Sigstore, developers can digitally sign application-related artifacts such as release files, container images, manifests and executables. The signing material is recorded in a tamper-evident public log that can be used for verification and auditing.

Instead of permanent keys, Sigstore uses short-lived ephemeral keys, which are generated on the basis of credentials confirmed by OpenID Connect providers (at the moment a key is generated to produce a digital signature, the developer identifies himself through an OpenID provider linked to an e-mail address). The authenticity of the keys is verified against the public transparency log, which makes it possible to check that the author of a signature is exactly who they claim to be, and that the signature was created by the same party responsible for previous releases.

Sigstore's readiness for deployment follows from the release of two key components, Rekor 1.0 and Fulcio 1.0, whose programming interfaces have been declared stable and will remain backwards compatible. The components are written in Go and distributed under the Apache 2.0 licence.

The Rekor service contains an implementation of an engine for storing digitally signed metadata about projects. To ensure integrity and protect the data from being altered after the fact, a Merkle tree structure is used, in which each branch verifies all the branches and nodes beneath it by means of joint (tree) hashing. Given the final hash, a user can verify the correctness of the entire history of operations, as well as the correctness of past states of the data (the root verification hash of the new state of the data is computed taking the previous state into account). A RESTful API is provided for verifying and adding new records, along with a command-line interface.
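The tree hashing the Rekor paragraph describes, worked through as an added example (not Rekor's own code): RFC 6962-style leaf and node hashing, an inclusion proof for one entry, and the verification step a client runs with nothing but the published root hash. The log entries are constructed sample strings, not real Rekor records.

```python
import hashlib
# RFC 6962 domain separation: leaves and interior nodes get different prefixes, so a node hash cannot masquerade as an entry.
def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def split_point(n: int) -> int:
    """Largest power of two strictly below n (n > 1): where the tree splits."""
    return 1 << ((n - 1).bit_length() - 1)

def root_hash(leaves: list) -> bytes:
    """Merkle Tree Hash: altering any past entry changes the root; appending reuses old subtrees."""
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = split_point(len(leaves))
    return node_hash(root_hash(leaves[:k]), root_hash(leaves[k:]))

def inclusion_proof(leaves: list, m: int) -> list:
    """Sibling hashes from leaf m up to the root, in leaf-to-root order."""
    if len(leaves) <= 1:
        return []
    k = split_point(len(leaves))
    if m < k:
        return inclusion_proof(leaves[:k], m) + [root_hash(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [root_hash(leaves[:k])]

def verify_inclusion(entry: bytes, m: int, n: int, proof: list, root: bytes) -> bool:
    """Re-derive the root from one entry and its proof (the RFC 9162 algorithm) using only the published root hash."""
    h, fn, sn = leaf_hash(entry), m, n - 1
    for p in proof:
        if sn == 0:
            return False  # proof is longer than the tree is deep
        if fn % 2 == 1 or fn == sn:
            h = node_hash(p, h)  # sibling sits to the left
            while fn % 2 == 0 and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:
            h = node_hash(h, p)  # sibling sits to the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and h == root

# Constructed sample entries standing in for Rekor records (artifact digest plus signer identity).
LOG = [f"release v1.{i}.0 sha256:{i:02x}{i:02x} dev@example.org".encode() for i in range(5)]
def audit_demo() -> tuple:
    """Genuine entry verifies against the log root (True); a substituted entry does not (False)."""
    root, proof = root_hash(LOG), inclusion_proof(LOG, 2)
    return (verify_inclusion(LOG[2], 2, len(LOG), proof, root),
            verify_inclusion(b"release v1.2.0 sha256:ffff dev@example.org", 2, len(LOG), proof, root))
```

Appending a sixth entry yields a new root whose left subtree is the unchanged hash of the first four entries, which is the "new state includes the previous state" property the paragraph mentions.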

The Fulcio service (SigStore WebPKI) includes components for building certificate authorities (root CAs) that issue short-lived certificates based on an e-mail address authenticated through OpenID Connect. A certificate is valid for 20 minutes, during which the developer must produce the digital signature (if the certificate later falls into the hands of an attacker, it will already have expired). In addition, the project is developing the Cosign (Container Signing) toolkit, designed to generate signatures for containers, verify those signatures, and publish signed containers to OCI (Open Container Initiative)-compatible repositories.

Using Sigstore makes it possible to raise the security of software distribution channels and to protect against attacks that substitute libraries and dependencies (supply chain attacks). One of the key security problems in open source software is the difficulty of verifying where a program came from and checking its build process. For example, most projects use hashes to verify the integrity of a release, but the information needed for that verification is often kept in unprotected systems and in shared code repositories, so an attacker can compromise the files needed for verification and introduce malicious changes without raising suspicion.

The use of digital signatures for release verification has not yet become widespread because of the difficulties of managing keys, distributing public keys and revoking compromised keys. For verification to be meaningful, a reliable and secure process for distributing public keys and checksums must also be organised. Even when a digital signature is available, many users skip verification because they would have to spend time learning the verification procedure and working out which key can be trusted. The Sigstore project tries to simplify and automate these processes by providing a ready-made, proven solution.

Source: opennet.ru