From sigstore.dev
1 1
The Sigstore security model has a few key components, each aimed at establishing trust or proving identity. For a quick overview of the key services mentioned in this document, see Tooling. Proving Identity in Sigstore # Sigstore relies on the widely used OpenID Connect (OIDC) protocol to prove...
7h ago
From sigstore.dev
0 1
This document explains how identity-based, or “keyless” signing works in Sigstore. To learn more about OIDC, please review OIDC Usage in Fulcio. Keyless signing associates identities, rather than keys, with an artifact signature. Fulcio issues short-lived certificates binding an ephemeral key to...
on Sep 3
