Hi all,
For my master's thesis, and as a way to showcase a solution to the long-standing problem of using web applications for cryptographic tasks in the browser, without having to rely on server trust, I've developed a system that integrates a few components:
- Sigsum is used to transparently build a list of authorized signers for each domain that wants to participate in the system.
- Sigstore is used to sign executable web assets (JS, HTML, CSS, WASM) using OIDC identities, with the authorization for a specific domain verified against the Sigsum-powered list.
The demo shows the system securing some of the most common self-hostable web apps, such as Jitsi, Element, and CryptPad.
There is currently some shared interest from the Tor Project in bringing similar functionality into TBB.
For a higher-level description, see [1], and for the project repository, see [2]. I’ll share my thesis at a later date, which will include additional insights and threat modeling for the whole system.
Cheers
Giulio
[1] - https://securedrop.org/news/introducing-webcat-web-based-code-assurance-and-...
[2] - https://github.com/freedomofpress/webcat
Hi Giulio,
Thanks for sharing, nice project! It's also fun to see in action that the Sigsum formats are relatively easy to work with in a web extension.
I couldn't help but notice
https://github.com/freedomofpress/webcat/blob/main/extension/src/sigsum/sigs...
when doing a brief look around. A Merkle tree is not always balanced. If you want some inclusion-proof verification pointers, take a look at:
https://gitlab.torproject.org/rgdd/ct/-/blob/main/doc/tlog-algorithms.md?ref...
I wish I could also point you to some generally useful test vectors for Merkle trees and Sigsum. This is unfortunately deep down in our backlog.
Are you by any chance aware of Michael Rosenberg's
https://docs.google.com/document/d/15PaxeWcRNTvjZzrwI1JpUKqooyMv6kmK12H51v9i...
work on web app transparency? I stumbled across the above as part of a c2sp.org spec discussion today, and I would be interested in a diff!
https://github.com/C2SP/C2SP/issues/115
Let us know if there's anything in particular you wish to get input on. So far I've only scratched the surface of your and Michael's links.
Let us know when the thesis is available, I'd like to check it out!
-Rasmus
On Fri, Mar 21, 2025 at 08:54:42AM +0200, Sigsum General wrote:
> Hi all,
> For my master's thesis, and as a way to showcase a solution to the long-standing problem of using web applications for cryptographic tasks in the browser, without having to rely on server trust, I've developed a system that integrates a few components:
> - Sigsum is used to transparently build a list of authorized signers for each domain that wants to participate in the system.
> - Sigstore is used to sign executable web assets (JS, HTML, CSS, WASM) using OIDC identities, with the authorization for a specific domain verified against the Sigsum-powered list.
> The demo shows the system securing some of the most common self-hostable web apps, such as Jitsi, Element, and CryptPad.
> There is currently some shared interest from the Tor Project in bringing similar functionality into TBB.
> For a higher-level description, see [1], and for the project repository, see [2]. I’ll share my thesis at a later date, which will include additional insights and threat modeling for the whole system.
> Cheers
> Giulio
> [1] - https://securedrop.org/news/introducing-webcat-web-based-code-assurance-and-...
> [2] - https://github.com/freedomofpress/webcat
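The remark above that a Merkle tree is not always balanced is what makes inclusion-proof verification easy to get wrong. The following is an added example, not code from webcat, Sigsum or either author: it follows the verification steps of RFC 9162 section 2.1.3.2 and assumes RFC 6962-style SHA-256 hashing with 0x00/0x01 prefixes. The function names and the seven sample leaves are constructed for illustration.

```python
import hashlib

# Constructed sample log: 7 leaves, so the tree is NOT a full binary tree.
LEAVES = [b"leaf-%d" % i for i in range(7)]

def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def root(leaves):
    """Tree head: split at the largest power of two strictly below n."""
    n = len(leaves)
    if n == 1:
        return leaf_hash(leaves[0])
    k = 1 << ((n - 1).bit_length() - 1)
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def prove(leaves, index):
    """Audit path for leaves[index], ordered from the leaf up to the root."""
    n = len(leaves)
    if n == 1:
        return []
    k = 1 << ((n - 1).bit_length() - 1)
    if index < k:
        return prove(leaves[:k], index) + [root(leaves[k:])]
    return prove(leaves[k:], index - k) + [root(leaves[:k])]

def verify_inclusion(leaf, index, size, path, expected_root):
    """RFC 9162 section 2.1.3.2 check; valid for any tree size."""
    if index >= size:
        return False
    fn, sn, r = index, size - 1, leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False  # more path elements than the tree has levels
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            # Last node on its level with an even index: it has no right
            # sibling and is promoted unchanged through the levels skipped
            # here, which only happens in unbalanced trees.
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == expected_root
```

With these seven leaves the proof for index 6 has two elements while the proof for index 0 has three, so a verifier that derives sibling order only from the index bits of a full tree rejects valid proofs on the right edge.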
Hi all,
On 25/03/2025 18:38, Rasmus Dahlberg via Sigsum-general wrote:
> I couldn't help but notice
> https://github.com/freedomofpress/webcat/blob/main/extension/src/sigsum/sigs...
> when doing a brief look around. A Merkle tree is not always balanced. If you want some inclusion-proof verification pointers, take a look at:
> https://gitlab.torproject.org/rgdd/ct/-/blob/main/doc/tlog-algorithms.md?ref...
> I wish I could also point you to some generally useful test vectors for Merkle trees and Sigsum. This is unfortunately deep down in our backlog.
Thanks for pointing that out :) I rushed the PoC to graduate, but if we end up using Sigsum in prod, then I'd spend a significant amount of time making that a decent library, and I could help back with the test suite. We could take some inspiration from [1] and [2] and build something that is implementation-agnostic.
> Are you by any chance aware of Michael Rosenberg's
> https://docs.google.com/document/d/15PaxeWcRNTvjZzrwI1JpUKqooyMv6kmK12H51v9i...
> work on web app transparency? I stumbled across the above as part of a c2sp.org spec discussion today, and I would be interested in a diff!
We met at RWC and are discussing the proposals to see how to converge! I think neither is definitive right now, and there's a lot to work on.
> Let us know if there's anything in particular you wish to get input on. So far I've only scratched the surface of your and Michael's links.
> Let us know when the thesis is available, I'd like to check it out!
The full text is now at [3]. I hope I didn't do a bad job at describing Sigsum, but I'm obviously open to feedback for future revisions.
Cheers
Giulio
[1] - https://github.com/sigstore/sigstore-conformance
[2] - https://github.com/theupdateframework/tuf-conformance
[3] - https://eprint.iacr.org/2025/797
On Mon, May 05, 2025 at 11:37:05AM +0300, Sigsum-general wrote:
> Hi all,
> On 25/03/2025 18:38, Rasmus Dahlberg via Sigsum-general wrote:
>> I couldn't help but notice
>> https://github.com/freedomofpress/webcat/blob/main/extension/src/sigsum/sigs...
>> when doing a brief look around. A Merkle tree is not always balanced. If you want some inclusion-proof verification pointers, take a look at:
>> https://gitlab.torproject.org/rgdd/ct/-/blob/main/doc/tlog-algorithms.md?ref...
>> I wish I could also point you to some generally useful test vectors for Merkle trees and Sigsum. This is unfortunately deep down in our backlog.
> Thanks for pointing that out :) I rushed the PoC to graduate, but if we end up using Sigsum in prod, then I'd spend a significant amount of time making that a decent library, and I could help back with the test suite. We could take some inspiration from [1] and [2] and build something that is implementation-agnostic.
I started on implementation-agnostic Merkle tree test vectors here a long while ago (basically porting test vectors I only had in Go):
https://github.com/rgdd/CCTV/tree/merkle/merkle
Agree it would be great to also have implementation-agnostic test vectors for Sigsum. Any help in this space is much appreciated!
>> Are you by any chance aware of Michael Rosenberg's
>> https://docs.google.com/document/d/15PaxeWcRNTvjZzrwI1JpUKqooyMv6kmK12H51v9i...
>> work on web app transparency? I stumbled across the above as part of a c2sp.org spec discussion today, and I would be interested in a diff!
> We met at RWC and are discussing the proposals to see how to converge! I think neither is definitive right now, and there's a lot to work on.
Splendid!
>> Let us know if there's anything in particular you wish to get input on. So far I've only scratched the surface of your and Michael's links.
>> Let us know when the thesis is available, I'd like to check it out!
> The full text is now at [3]. I hope I didn't do a bad job at describing Sigsum, but I'm obviously open to feedback for future revisions.
Many thanks, adding it to my read queue. :)
-Rasmus
> Cheers
> Giulio
> [1] - https://github.com/sigstore/sigstore-conformance
> [2] - https://github.com/theupdateframework/tuf-conformance
> [3] - https://eprint.iacr.org/2025/797