Experiment with a SigStore Rekor instance #3987

Open
Tracked by #3948
andrew-m-leonard opened this issue Oct 10, 2024 · 2 comments
Comments

andrew-m-leonard commented Oct 10, 2024

Install Rekor server and cli: https://docs.sigstore.dev/logging/installation/

Sign and Upload to Rekor-server: https://docs.sigstore.dev/logging/sign-upload/#pkixx509

Verifying Rekor entry: https://docs.sigstore.dev/logging/verify-release/#verify-the-entry-is-in-the-transparency-log

andrew-m-leonard commented Oct 15, 2024

Sign as x509 and upload:

```shell
# Create keys
openssl ecparam -genkey -name prime256v1 > ec_private.pem
openssl ec -in ec_private.pem -pubout > ec_public.pem

# Sign
openssl dgst -sha256 -sign ec_private.pem -out TestArtifact.txt.sig TestArtifact.txt

# Upload to Rekor
rekor-cli upload --rekor_server http://127.0.0.1:3000 --artifact TestArtifact.txt --signature TestArtifact.txt.sig --pki-format=x509 --public-key=ec_public.pem
```

Retrieve:

```shell
rekor-cli get --rekor_server http://127.0.0.1:3000 --uuid=<uuid>
```

Verify:

```shell
# Get public key from Rekor entry
rekor-cli get --rekor_server http://127.0.0.1:3000 --uuid=<uuid> --format json | jq -r '.Body.RekordObj.signature.publicKey.content' | base64 -d > retrieve.publicKey

# Get signature from Rekor entry
rekor-cli get --rekor_server http://127.0.0.1:3000 --uuid=<uuid> --format json | jq -r '.Body.RekordObj.signature.content' | base64 -d > retrieve.signature

# Verify
openssl dgst -sha256 -verify retrieve.publicKey -signature retrieve.signature TestArtifact.txt
==> Verified OK
```

andrew-m-leonard commented Oct 15, 2024

Some notes:

  • The artifact being "uploaded" to Rekor is NOT uploaded to Rekor(!). Only its hash, publicKey, and signature metadata are uploaded. Thus you cannot use it as a "store" of the metadata, so for example the CDXA bom itself would still be stored in the binaries repo.
  • Although the Rekor log is labelled as "read-only" and secure, it is only as secure and tamper-proof as the monitoring you have in place for it. The Merkle structure of the log aids verifying its integrity, but you need to actively "monitor" the log to ensure it has not been tampered with. The public Rekor instance has a team that monitors it, but for an Enterprise private Rekor instance it would need "monitoring" put in place. There is a project that can aid monitoring: https://github.com/sigstore/rekor-monitor
  • An excellent diagram here explains the whole Fulcio Signing CA and Rekor ecosystem.

Summary:

  • With typical "key verification" you rely on obtaining a correct and trusted "public key"; this is always the problem with Public Key Infrastructure (PKI).
  • Fulcio + Rekor is basically providing a mechanism for trusted PKI key exchange.
  • Using Rekor in combination with Fulcio OID identity signing makes good sense, but I am not sure Rekor alone is mature enough yet, especially when used with traditional standard x509 type key signing where you are not gaining the Fulcio benefit.
  • For a tamper-proof Rekor log you need to implement "monitoring", which is a hidden cost for a private Rekor instance.
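Added example (Python; not code from the issue or from the Sigstore project): the verification the commands above perform, written as explicit checks on a rekord entry in the shape `rekor-cli get --format json` prints, run against a constructed sample entry. Beyond the openssl step it adds the two checks the notes call for: the local artifact must hash to the logged value, since the artifact itself is never in the log, and the decoded key must match one you already trust, since the entry's own key only proves self-consistency. Field names follow the rekord v0.0.1 schema; the sample entry, `TRUSTED_PEM` and the function names are assumptions.

```python
import base64
import hashlib
import subprocess
import tempfile
from pathlib import Path

# Constructed sample in the shape of an x509 rekord entry (not a real log
# entry): the hash is computed from the sample bytes, the key and signature
# are placeholders, so only the hash and key-pinning checks pass on it.
SAMPLE_ARTIFACT = b"TestArtifact contents\n"
TRUSTED_PEM = b"-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n"
SAMPLE_ENTRY = {"Body": {"RekordObj": {
    "data": {"hash": {"algorithm": "sha256",
                      "value": hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()}},
    "signature": {"format": "x509",
                  "content": base64.b64encode(b"placeholder-der-signature").decode(),
                  "publicKey": {"content": base64.b64encode(TRUSTED_PEM).decode()}},
}}}

def rekord_fields(entry: dict) -> dict:
    """Decode what the log actually holds: hash, signature, public key.
    The artifact itself is never in the entry; it must come from elsewhere."""
    obj = entry["Body"]["RekordObj"]
    sig = obj["signature"]
    return {"hash_alg": obj["data"]["hash"]["algorithm"],
            "hash_value": obj["data"]["hash"]["value"].lower(),
            "signature": base64.b64decode(sig["content"]),
            "public_key": base64.b64decode(sig["publicKey"]["content"])}

def artifact_matches_entry(artifact: bytes, entry: dict) -> bool:
    """Does the local artifact hash to the value that was logged?"""
    f = rekord_fields(entry)
    return f["hash_alg"] == "sha256" and hashlib.sha256(artifact).hexdigest() == f["hash_value"]

def key_is_pinned(entry: dict, trusted_pem: bytes) -> bool:
    """The entry's own key only proves self-consistency; compare it with a key you already trust."""
    return rekord_fields(entry)["public_key"].strip() == trusted_pem.strip()

def signature_verifies(artifact: bytes, entry: dict) -> bool:
    """The `openssl dgst -sha256 -verify` step from the issue, on the decoded fields."""
    f = rekord_fields(entry)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "key.pem").write_bytes(f["public_key"])
        (d / "artifact.sig").write_bytes(f["signature"])
        (d / "artifact").write_bytes(artifact)
        cmd = ["openssl", "dgst", "-sha256", "-verify", str(d / "key.pem"),
               "-signature", str(d / "artifact.sig"), str(d / "artifact")]
        return subprocess.run(cmd, capture_output=True).returncode == 0
```

`signature_verifies` shells out to the same `openssl` binary the issue uses, so it needs that on PATH; on the placeholder sample it returns False.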
