Sigstore, a cryptographic code verification service from Red Hat and Google

Red Hat and Google, together with Purdue University, recently announced the founding of the Sigstore project, whose goal is to create tools and services for verifying software using digital signatures and for maintaining a public transparency log. The project will be developed under the auspices of the Linux Foundation, a non-profit organization.

The proposed project aims to improve the security of software distribution channels and to protect against attacks that substitute software components and dependencies (the supply chain). One of the key security problems in open source software is the difficulty of verifying where a program came from and of verifying the build process.

For example, to verify the integrity of a release, most projects use hashes. But the information needed for verification is often stored on unprotected systems and in shared code repositories; if those are compromised, attackers can replace the files needed for verification and introduce malicious changes without raising suspicion.

Only a few projects use digital signatures to distribute releases, because of the complexity of key management, distribution of public keys, and revocation of compromised keys. For verification to be meaningful, a reliable and secure process for distributing public keys and checksums has to be organized. Even with digital signatures, many users skip verification because it takes time to learn the verification process and to understand which key is trustworthy.

About Sigstore

Sigstore is promoted as an analogue of Let's Encrypt for code, providing certificates for digitally signing code and tools for automating verification. With Sigstore, developers can digitally sign application-related artifacts such as release files, container images, manifests and executables. A distinguishing feature of Sigstore is that the material used for signing is recorded in a tamper-protected public log that can be used for verification and auditing.

Instead of permanent keys, Sigstore uses short-lived ephemeral keys, generated from credentials confirmed by OpenID Connect providers (at the time the keys for the digital signature are generated, the developer is identified through an OpenID provider with a link to an email address). The authenticity of the keys is checked against a centralized public log, which lets you make sure that the author of the signature is exactly who they claim to be and that the signature was made by the same participant who was responsible for previous releases.

Sigstore provides both a ready-to-use service and a set of tools that let you deploy similar services on your own hardware. The service is free for all software developers and vendors, and it is deployed on a neutral platform: the Linux Foundation. All components of the service are open source, written in Go, and distributed under the Apache 2.0 license.

Among the components being developed, the following can be noted:

  • Rekor: an implementation of a log for storing digitally signed metadata that reflects information about projects. To ensure integrity and protect against data tampering, a "Merkle Tree" structure is used, in which each branch verifies all underlying branches and leaves by means of a hash function.
  • Fulcio (SigStore WebPKI): a system for creating certificate authorities (root CAs) that issue short-lived certificates based on email addresses authenticated through OpenID Connect. The certificate lifetime is 20 minutes, within which the developer must have time to generate a digital signature (if the certificate later falls into the hands of an attacker, it will already have expired).
  • Cosign (Container Signing): a set of tools for generating signatures for containers, verifying signatures, and placing signed containers in OCI (Open Container Initiative) compliant repositories.
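
The Merkle tree property described for Rekor can be checked by a client with only one entry, a few sibling hashes and a trusted tree head. This is an added example, not Sigstore's or the article's own code: it assumes RFC 6962-style SHA-256 hashing, and the function names and sample entries are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// hashWith applies RFC 6962 domain separation: tag 0x00 for leaves, 0x01 for nodes.
func hashWith(tag byte, parts ...[]byte) []byte {
	sum := sha256.Sum256(append([]byte{tag}, bytes.Join(parts, nil)...))
	return sum[:]
}

// Root computes the tree head over a non-empty list of log entries.
func Root(e [][]byte) []byte {
	if len(e) == 1 {
		return hashWith(0x00, e[0])
	}
	k := 1 << (bits.Len(uint(len(e)-1)) - 1) // largest power of two below len(e)
	return hashWith(0x01, Root(e[:k]), Root(e[k:]))
}

// Verify rebuilds the head from one entry and its sibling hashes (leaf to root).
func Verify(i, size int, entry []byte, path [][]byte, root []byte) bool {
	fn, sn, r := i, size-1, hashWith(0x00, entry)
	for _, p := range path {
		if sn == 0 {
			return false // path is longer than the tree is deep
		}
		if fn&1 == 1 || fn == sn {
			r = hashWith(0x01, p, r) // sibling is on the left
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1
			}
		} else {
			r = hashWith(0x01, r, p) // sibling is on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	return i >= 0 && i < size && sn == 0 && bytes.Equal(r, root)
}

func main() {
	e := [][]byte{[]byte("a"), []byte("b"), []byte("c"), []byte("d"), []byte("e")} // constructed entries
	path := [][]byte{Root(e[3:4]), Root(e[:2]), Root(e[4:])}                       // siblings of entry 2
	fmt.Println(Verify(2, len(e), e[2], path, Root(e)))
}
```

Changing any entry changes the tree head, so a proof built against the old head stops verifying against the new one.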

Finally, if you are interested in learning more about this project, you can check the details at the following link.

