19-22 March

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Friday, March 22 • 16:00 - 17:30
🚨 Contribfest: Enable Additional Signing Mechanisms for TUF and in-toto: No Cryptography Skills Required

Given the maturity of TUF/in-toto core implementations, we were able to shift our focus to an important prerequisite in the user story, that of private key management.

This year, we have built a new cryptographic interface for this purpose: the securesystemslib Signer API. It already supports a broad range of technologies, such as YubiKeys, various Cloud KMS services, Sigstore identities and post-quantum keys. Moreover, it provides a blueprint for arbitrary new signing mechanisms.

In this session we invite you to help:

* add new signers to the python-securesystemslib Signer API for not-yet-supported Cloud KMS services (e.g. HashiCorp Vault) or hardware tokens (BYO), etc.
* port the Signer API to Go
* explore Signer API interaction in emerging applications (e.g. RSTUF, TUF-on-CI)

Everyone is welcome! You don’t need to be a cryptographer, nor a TUF or in-toto expert. Basic Python or Go programming skills will be helpful.

Joshua Lock

Distinguished Engineer, Verizon
Joshua is Open Source Architect in Verizon's Open Source Program Office, where he leads efforts to improve consistency around how Verizon uses open source. As part of his work at Verizon he works upstream on software supply chain security standards and tools; he is a steering committee...
Jussi Kukkonen

Open source software engineer, Google
Open source supply chain security @ Google. Maintainer of python-tuf, tuf-on-ci & sigstore-python.

Lukas Pühringer

Seminar/Workshop Leader, NYU
Lukas Pühringer is a research scholar and software developer at the NYU Center for Cyber Security (CCS), where he leads the development of The Update Framework (TUF), and has been co-maintaining several of Prof. Justin Cappos’ software projects, most notably the supply chain security...

Friday March 22, 2024 16:00 - 17:30 CET
Pavilion 7 | Level 7.3 | W05