Connect with us

Hi, what are you looking for?


Identity & Access

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security. 

The Linux Foundation on Wednesday announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security. 

OpenPubkey was developed as part of BastionZero’s zero trust infrastructure access product and is now being integrated with Docker. 

OpenPubkey is designed to enable binding crypto keys to users and workloads by turning an OpenID Connect identity provider into a certificate authority. Its goal is to provide enhanced passwordless authentication. 

“This new cryptographic protocol empowers developers to build out software supply chain or security applications. OpenPubkey augments OpenID Connect to enable workloads and users to sign artifacts under their OpenID identity,” the Linux Foundation explained. 

“These keys can be used to cryptographically sign statements, enabling applications such as secure remote access or software supply chain security features such as signed builds, deployments, and code commits,” it added.

The project’s developers noted that OpenPubkey is compatible with existing OpenID providers, including Microsoft, Google, Okta, Keycloak and OneLogin, and it does not require any changes to the provider. 

The GitHub page set up for OpenPubkey provides the reference implementation source code and additional information. 

Related: Silverfort Open Sources Lateral Movement Detection Tool

Advertisement. Scroll to continue reading.

Related: Google Open Sources Binary File Comparison Tool BinDiff

Related: OT/IoT and OpenTitan, an Open Source Silicon Root of Trust

Related: CISA Releases Open Source Software Security Roadmap

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...