specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

Feature suggestion: Adding Sigstore support to the standard

Open robertlagrant opened this issue 3 years ago • 8 comments

Sigstore exists to verify whether a deployed dependency was signed by the author. Detecting whether a detected dependency was signed by Sigstore would allow downstream tools such as DependencyTrack to expose to its users their coverage of signed dependencies.

robertlagrant avatar Aug 10 '22 10:08 robertlagrant

CycloneDX supports industry standard enveloped signing formats including XML Signature (xmlsig) and JSON Signature Format (JSF). Any component or nested component assembly can be independently signed and verified. To my knowledge, sigstore does not support these use cases.

For components that are inventoried in the BOM, it would be possible to add support for an external reference to zero or more URLs to external signatures. I think this should be able to support Rekor transparency logs as well as Maven GPG signatures.

Can you verify that a URI to the transparency log would work?

stevespringett avatar Aug 10 '22 15:08 stevespringett

Thanks - great comments. Make sense.

Can you verify that a URI to the transparency log would work?

I am no expert, but that is my impression. I'll do some investigating and report back here.

robertlagrant avatar Aug 11 '22 09:08 robertlagrant

Small update, from their FAQs:

What can I sign and store?

We started off by targeting generic release artifacts like tarballs, compiled binaries and container images, but our future aim is to explore other formats like jars, and manifest signing like SBOM. We’re also looking to collaborate with package managers and ease the adoption of signing for their communities.

So it's possible the SBOM itself could be signed, as well as individual dependencies.

robertlagrant avatar Aug 11 '22 16:08 robertlagrant

So it's possible the SBOM itself could be signed, as well as individual dependencies.

Correct. What I'm trying to find out is what part of cosign verification can be captured in the CycloneDX spec. I'm still unclear what can be technically done and what makes sense to do.

stevespringett avatar Aug 12 '22 04:08 stevespringett

I think rekor/trillium can be made to issue receipts (similar to IETF SCITT). Perhaps the receipt or the DID/purl/content address of it is what would be what we add a property for?

johnandersen777 avatar Jan 22 '23 23:01 johnandersen777

What I'm trying to find out is what part of cosign verification can be captured in the CycloneDX spec. I'm still unclear what can be technically done and what makes sense to do.

Yeah, that's fair 😄 Backing up, Sigstore does two main things:

  1. Provides a transparency log (Rekor) for signatures. So if you have a traditional cryptographic key pair for the signer, you can submit a signature over an SBOM for inclusion in the transparency log.

    To verify inclusion in the log, you can use one of two mechanisms:

    • Immediately on submission to the log, you'll get back a countersigned receipt. This is a "promise" to include the signature in the log.
    • After the "merge" into the log completes, you can do an online lookup if you have the entry's UUID. This results in (1) a "signed tree head" (a signed log root) and (2) a "lookup proof" that the entry is in the log represented by the signed tree head.

  2. Runs a CA (Fulcio) that issues short-lived (10 minute) certificates for various signing identities (OpenID connect identities, like my Gmail account, or machine identities, like "GitHub Actions running workflow X"). Because the certificates are so short-lived, you need a timestamp on any signatures to demonstrate that they happened during the certificate validity period; Rekor inclusion proofs happen to include a timestamp as well.

So, I'd propose:

  • Using a JSF extension to attach a Rekor receipt or a UUID for online lookup.
  • Using a JSF certificatePath to attach the issued certificate chain from Fulcio to any signature. If this is provided, you'll need a Rekor receipt as well for timestamping.

This should get you there, and doesn't seem to actually require any changes to the JSF spec. For actual work items, we might need to do the following:

  1. Nail down a method for embedding Rekor information into a JSF signature.
  2. Add JSF support to Rekor (see below).

Both of these should probably happen on the Sigstore end. If this is of interest, please let me know and I can kick that off.

CycloneDX supports industry standard enveloped signing formats including XML Signature (xmlsig) and JSON Signature Format (JSF). Any component or nested component assembly can be independently signed and verified. To my knowledge, sigstore does not support these use cases.

Rekor (Sigstore's transparency log) supports pluggable "types" for signing. So it would be pretty easy to add xmlsig or JSF: https://github.com/sigstore/rekor/tree/main/pkg/types

If that was the main blocker for adoption here, I can fire off a feature request and I bet it'd get some traction.

znewman01 avatar Jan 23 '23 00:01 znewman01

The ITU-T SG17 has standardized the JSON Signature Scheme. It will be published as X.590 and in the final stages of the publication process. You may want to consider using that as it is an international standard.

jordan2175 avatar Oct 16 '23 13:10 jordan2175

The ITU specification for digitally signing JSON data is now freely available. https://www.itu.int/rec/T-REC-X.590-202310-I/en

jordan2175 avatar Dec 21 '23 19:12 jordan2175