Red Hat and Google introduce Sigstore, a service for cryptographic code verification

Red Hat and Google, together with Purdue University, founded the Sigstore project to create tools and services for verifying software using digital signatures and a public log that confirms authenticity (a transparency log). The project will be developed under the auspices of the non-profit Linux Foundation.

The proposed project will improve the security of software distribution channels and protect against attacks aimed at substituting software components and dependencies (the supply chain). One of the key security problems in open source software is the difficulty of verifying where a program came from and verifying the build process. For example, most projects use hashes to check the integrity of a release, but the information needed for verification is often stored on unprotected systems and in shared code repositories, so attackers can compromise the files needed for verification and introduce malicious changes without raising suspicion.

Only a small share of projects use digital signatures when distributing releases, because of the difficulty of managing keys, distributing public keys, and revoking compromised keys. For verification to be meaningful, a reliable and secure process for distributing public keys and checksums must also be in place. Even when digital signatures exist, many users skip verification because they would have to spend time learning the verification process and working out which key is trustworthy.

Sigstore is positioned as the equivalent of Let's Encrypt for code, providing certificates for digitally signing code and tooling for verification. With Sigstore, developers can digitally sign application-related artifacts such as release files, container images, manifests and executables. A distinctive feature of Sigstore is that the material used for signing is recorded in a tamper-resistant public log that can be used for verification and auditing.

Instead of permanent keys, Sigstore uses short-lived ephemeral keys, which are generated based on credentials confirmed by OpenID Connect providers (when generating the keys for a digital signature, the developer identifies themselves through an OpenID provider tied to an email address). The authenticity of the keys is verified using the public log, which makes it possible to confirm that the author of a signature is exactly who they claim to be and that the signature was made by the same participant who was responsible for previous releases.

Sigstore provides both a ready-made service that you can use and a set of tools that let you deploy similar services on your own infrastructure. The service is free for developers and software providers, and is hosted on a neutral platform, the Linux Foundation. All components of the service are open source, written in Go and distributed under the Apache 2.0 license.

Among the components developed, we can note:

  • Rekor is a log implementation for storing digitally signed metadata that reflects information about projects. To ensure integrity and protect against data tampering after the fact, it uses a Merkle Tree structure, in which each branch verifies all underlying branches and nodes through joint (tree-like) hashing. Having the final hash, a user can verify the correctness of the entire history of operations, as well as the correctness of past states of the database (the root verification hash of a new database state is calculated taking the past state into account). A RESTful API and a CLI are provided for verifying and adding new records.
  • Fulcio (SigStore WebPKI) is a system for creating certificate authorities (root CAs) that issue short-lived certificates based on an email address authenticated through OpenID Connect. The certificate lifetime is 20 minutes, during which the developer must have time to create a digital signature (if the certificate later falls into an attacker's hands, it will already have expired).
  • Cosign (Container Signing) is a toolkit for creating signatures for containers, verifying signatures and placing signed containers in OCI (Open Container Initiative) compatible repositories.
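
An added example, not code from the article or from the Sigstore project, showing how the Merkle tree head described for Rekor lets a client confirm that one entry is in the log and detect after-the-fact edits without holding the other entries. It assumes RFC 6962-style SHA-256 hashing (0x00 leaf and 0x01 node prefixes) and covers inclusion proofs only; the function names and log entries are constructed for illustration.

```python
import hashlib

def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()  # 0x00 marks a leaf

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks a node

def split(n):  # largest power of two strictly below n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def root(entries):
    """Tree head over a non-empty list of entries."""
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def inclusion_proof(i, entries):
    """Sibling hashes from entry i up to the head, leaf side first."""
    if len(entries) == 1:
        return []
    k = split(len(entries))
    if i < k:
        return inclusion_proof(i, entries[:k]) + [root(entries[k:])]
    return inclusion_proof(i - k, entries[k:]) + [root(entries[:k])]

def verify_inclusion(entry, i, n, path, head):
    """Recompute the head from one entry and its path (RFC 9162 procedure)."""
    if not 0 <= i < n:
        return False
    fn, sn, r = i, n - 1, leaf_hash(entry)
    for p in path:
        if sn == 0:
            return False  # path is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = node_hash(p, r)  # sibling subtree is on the left
            while fn & 1 == 0 and fn != 0:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)  # sibling subtree is on the right
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == head

# Constructed sample entries, not real Rekor records.
LOG = [f"artifact-{i}.tar.gz signed-by dev@example.com".encode() for i in range(5)]

if __name__ == "__main__":
    head, proof = root(LOG), inclusion_proof(2, LOG)
    print(verify_inclusion(LOG[2], 2, 5, proof, head), verify_inclusion(b"altered", 2, 5, proof, head))
```

The client needs only the entry, its index, the tree size, the sibling hashes and a trusted head; changing any logged entry changes the head, so the altered entry fails the check.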

Source: opennet.ru
