OpenPubKey

From MgmtWiki

Sharon Goldberg, CEO of BastionZero, said on 2023-10-06 that you can start building applications with OpenPubKey:

OpenPubKey is a cryptographic protocol that uses the web's ubiquitous SSO technology to solve the fundamental problem in cryptography: certifying user public keys. Certifying a public key means that you securely bind the identity of a user to their public key. Once you have certified public keys, you can have lovely cryptographic things, like:

✍having developers sign code commits, builds and deploys 
🔒establishing end-to-end encrypted channels
🧑🏻‍🤝‍🧑🏽building cryptographic peer-to-peer systems

Using OpenPubKey

OpenPubKey gives ANY OpenID Connect (OIDC) Provider the ability to certify public keys. Because OpenPubKey is compatible with today's OpenID Connect, you can use it right now with commercial Identity Providers like Okta, AzureAD, Google, and OneLogin, even without requiring their explicit support!

Best of all, OpenPubKey is invisible to your users. They just SSO through an OpenPubKey client, and the client will generate a certified public key with no additional effort from the user.

❓How is OpenPubKey different from OpenID Connect?

OpenID Connect issues bearer tokens. A bearer token is NOT a cryptographic signing key; it's just a secret that is presented in order to gain access to a service. That's why a bearer token cannot be used as is to build any of the lovely cryptographic things I listed earlier.

📜 Who designed OpenPubKey?

Our team of PhD cryptographers and engineers at BastionZero designed OpenPubKey as part of the Multi-Root Zero Trust Access Protocol (MrZAP) powering our infrastructure access product. We use MrZAP to provide zero-trust passwordless access to servers, containers, clusters and databases. We extracted and generalized OpenPubKey from MrZAP as its own standalone protocol, and then open-sourced it in collaboration with Docker, Inc. and others.

If you want to learn more, Ethan Heilman and Mike Milano are at #DockerCon right now! DM them or me to find some time to chat. And don't miss Ethan's talk with Docker's James Carnegie at the show!
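The post above explains what a certified public key buys you and why a bare OIDC bearer token cannot provide it, but not how an unmodified OpenID Provider can end up certifying a key it never sees. The example below is added here to illustrate that mechanism; it is not code from the OpenPubKey project or from BastionZero. It follows OpenPubKey's published idea of placing a hash commitment to the user's freshly generated public key in the OIDC `nonce` claim, so that the provider's ordinary signature on the ID token also binds the user's identity to that key. Everything concrete is constructed for the demo: the provider signs with EdDSA instead of the RS256/ES256 a real OP would use, the commitment encoding, the issuer `https://op.example`, the subject and audience strings, and the function names are all assumptions of this example, not OpenPubKey's actual wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type Claims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Nonce string `json:"nonce"`
}

// Provider stands in for an unmodified OpenID Provider: it signs ID tokens and copies the
// client-supplied nonce into them, knowing nothing about OpenPubKey.
type Provider struct {
	Issuer string
	Pub    ed25519.PublicKey // what a verifier would normally fetch from the OP's JWKS
	priv   ed25519.PrivateKey
}

func NewProvider(issuer string) *Provider {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Provider{Issuer: issuer, Pub: pub, priv: priv}
}

// IssueIDToken returns a compact JWS "header.payload.signature" (EdDSA for brevity; real OPs use RS256/ES256).
func (p *Provider) IssueIDToken(sub, aud, nonce string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	pl, _ := json.Marshal(Claims{Iss: p.Issuer, Sub: sub, Aud: aud, Nonce: nonce})
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(pl)
	return input + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(p.priv, []byte(input)))
}

// PKToken is an ID token plus the opening of the commitment carried in its nonce.
type PKToken struct {
	IDToken string
	PubKey  ed25519.PublicKey
	Rz      []byte // fresh randomness, so the nonce is unlinkable across logins
}

// commitment is the nonce the client asks the OP to include: SHA-256 over (alg, pk, rz); constructed encoding.
func commitment(pub ed25519.PublicKey, rz []byte) string {
	h := sha256.New()
	h.Write([]byte("EdDSA\x00"))
	h.Write(pub)
	h.Write([]byte{0})
	h.Write(rz)
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// Login is the client side: generate a user-held key pair, commit to its public half in the
// nonce, SSO through the OP, and return the PK token plus the private key for later signing.
func Login(op *Provider, sub, aud string) (PKToken, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rz := make([]byte, 32)
	rand.Read(rz)
	return PKToken{IDToken: op.IssueIDToken(sub, aud, commitment(pub, rz)), PubKey: pub, Rz: rz}, priv
}

// VerifyPKToken checks the OP signature, then issuer, audience and that the nonce commits to
// the presented public key; on success the returned claims certify that key.
func VerifyPKToken(opPub ed25519.PublicKey, issuer, aud string, tok PKToken) (Claims, error) {
	var c Claims
	parts := strings.Split(tok.IDToken, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed ID token")
	}
	sig, errS := base64.RawURLEncoding.DecodeString(parts[2])
	pl, errP := base64.RawURLEncoding.DecodeString(parts[1])
	// The OP signature covers header.payload; nothing in the payload is trusted until it checks out.
	if errS != nil || errP != nil || !ed25519.Verify(opPub, []byte(parts[0]+"."+parts[1]), sig) || json.Unmarshal(pl, &c) != nil {
		return Claims{}, errors.New("ID token signature invalid or payload malformed")
	}
	if c.Iss != issuer || c.Aud != aud || c.Nonce != commitment(tok.PubKey, tok.Rz) {
		return Claims{}, errors.New("issuer, audience or key commitment does not match")
	}
	return c, nil
}

// VerifySignedMessage verifies a signature made with the user-held key and returns the
// OP-certified subject behind it, something a bearer token alone cannot establish.
func VerifySignedMessage(opPub ed25519.PublicKey, issuer, aud string, tok PKToken, msg, sig []byte) (string, error) {
	c, err := VerifyPKToken(opPub, issuer, aud, tok)
	if err == nil && !ed25519.Verify(tok.PubKey, msg, sig) {
		err = errors.New("user signature invalid")
	}
	return c.Sub, err
}

func main() {
	op := NewProvider("https://op.example") // issuer, subject and audience below are constructed
	tok, priv := Login(op, "alice@example.com", "demo-app")
	msg := []byte("commit 0123abcd")
	who, err := VerifySignedMessage(op.Pub, op.Issuer, "demo-app", tok, msg, ed25519.Sign(priv, msg))
	fmt.Println("signed by:", who, "err:", err)
}
```

The point to notice is the order of checks in `VerifyPKToken`: the provider's signature is verified first, and only then is the nonce opened against the presented key. Because the randomness `Rz` is part of the commitment, the same user key produces a different nonce at every login, and because the provider never sees the key, no change on the provider side is needed, which is what lets this work against any existing OIDC provider.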

References