The Linux Foundation on Wednesday announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
OpenPubkey was developed as part of BastionZero’s zero trust infrastructure access product and is now being integrated with Docker.
OpenPubkey is designed to enable binding crypto keys to users and workloads by turning an OpenID Connect identity provider into a certificate authority. Its goal is to provide enhanced passwordless authentication.
“This new cryptographic protocol empowers developers to build out software supply chain or security applications. OpenPubkey augments OpenID Connect to enable workloads and users to sign artifacts under their OpenID identity,” the Linux Foundation explained.
“These keys can be used to cryptographically sign statements, enabling applications such as secure remote access or software supply chain security features such as signed builds, deployments, and code commits,” it added.
The project’s developers noted that OpenPubkey is compatible with existing OpenID providers, including Microsoft, Google, Okta, Keycloak and OneLogin, and it does not require any changes to the provider.
The GitHub page set up for OpenPubkey provides the reference implementation source code and additional information.
Related: Silverfort Open Sources Lateral Movement Detection Tool
Related: Google Open Sources Binary File Comparison Tool BinDiff
Related: OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
Related: CISA Releases Open Source Software Security Roadmap