Introduction to Sigstore: cryptographic signatures made easier
The last few years have seen a significant rise in supply chain attacks targeting third-party software used in larger projects. With the need for developers to attest to the integrity and provenance of their software dependencies, alternatives have emerged to make tracing software back to the source more accessible, without requiring specific knowledge of the cryptographic protocols used for generating and verifying artifact signatures.
Project Sigstore (https://www.sigstore.dev/) is a new standard for signing, verifying and protecting software. This talk will provide an introduction to Sigstore, explaining the different components the project is built upon and how developers can use it to sign and verify software artifacts (software packages, container images...) in a secure way. Notably, Sigstore solves the issue of private key storage and management by implementing "keyless" signing, where users can generate ephemeral key pairs and sign an artifact using an identity provider such as GitHub, Microsoft or Google.
Maya is a Software Engineer in Red Hat's Emerging Technologies security team.
She is passionate about Python, open source and software supply chain security.