Demystify Modern Signing: Keys, Certificates, and Envelopes

Explore the practical aspects of modern cryptographic signing in this 33-minute conference talk by John Kjell from TestifySec. Gain insights into projects like Sigstore's Cosign, Notation, The Update Framework (TUF), and in-toto without delving into complex mathematical concepts. Learn about key algorithms, signing envelopes, certificates, and verification processes. Understand the differences between signing and verification versus encryption and decryption. Compare design decisions made by various tools and discover the emerging trend of identity-based signing using short-lived keys and certificates. Conclude with a practical demonstration of signature verification using openssl and shasum CLI commands.