Linux Foundation, BastionZero and Docker Announce the Launch of the OpenPubkey Project
The Linux Foundation | 04 October 2023
Cryptographic protocol helps secure the open source software ecosystem with zero-trust passwordless authentication.
SAN FRANCISCO, CA – October 4, 2023 – The Linux Foundation, BastionZero and Docker are excited to announce the launch of OpenPubkey as a Linux Foundation open source project. To coincide with the launch of OpenPubkey, BastionZero is announcing the integration of OpenPubkey for Docker container signing, to help secure the open source software ecosystem with zero-trust passwordless authentication.
The OpenPubkey protocol was developed as part of BastionZero’s secure infrastructure access product. OpenPubkey enables users to securely and accurately bind cryptographic keys to users and workloads by turning an OpenID Connect Identity Provider (IdP) into a Certificate Authority (CA). With the rollout of this integration, Docker users can enhance software supply chain security.
This new cryptographic protocol empowers developers to build out software supply chain or security applications. OpenPubkey augments OpenID Connect to enable workloads and users to sign artifacts under their OpenID identity. These keys can be used to cryptographically sign statements, enabling applications such as secure remote access or software supply chain security features such as signed builds, deployments, and code commits.
"The Linux Foundation is proud to host the OpenPubkey Project," said Jim Zemlin, Executive Director of the Linux Foundation. "We believe this initiative will play a pivotal role in strengthening the security of the open source software community. We encourage developers and organizations to join this collaborative effort in enhancing software supply chain security."
"We introduced OpenPubkey as its own standalone protocol to make it easy and secure to use digital signatures with OpenID Connect," said Ethan Heilman, co-founder and CTO of BastionZero. "We are excited to partner with Docker to offer its community of software developers and open source contributors a simple and convenient way for users, service accounts, machines, or workloads to create digital signatures using their identity."
"TestifySec recognizes the value in enhancing software supply chain security," said Cole Kennedy, CEO of TestifySec. "We're impressed with OpenPubkey's approach to easy and trustworthy signing. Docker's collaboration with BastionZero has our full support, and we're eager to see the broader community benefit from it."
BastionZero and Docker are excited to bring this technology to the broader open source community under the Linux Foundation and aim to expand the reach of OpenPubkey, foster increased collaboration, and improve software security across the open source ecosystem. To learn more about how the integration of OpenPubkey is enhancing open source software supply chain security, including how to get involved, contribute, and join the community, please visit the GitHub page.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.