Fulcio on

An Introduction to Fulcio

Fri, 19 Aug 2022 08:49:31 +0000

An earlier version of this material was published in the Fulcio chapter of the Linux Foundation Sigstore course.

Fulcio is a certificate authority that binds public keys to identities such as email addresses (such as a Google account) using OpenID Connect, essentially notarizing a short-lived key pair against a particular login. A certificate authority issues digital certificates that certify that a particular public key is owned by a particular entity. The certificate authority therefore serves as a trusted third party, helping parties that need to attest and verify identities.

How to Generate a Fulcio Certificate

Fri, 19 Aug 2022 08:49:31 +0000

An earlier version of this material was published in the Fulcio chapter of the Linux Foundation Sigstore course.

In this tutorial, we are going to create and examine a Fulcio certificate to demonstrate how Fulcio can work in practice. To follow along, you will need Cosign installed on your local system. If you haven’t installed Cosign yet, you can follow the instructions described in How to Install Cosign, or you can follow one of the installation methods described in the official documentation.

How to Inspect and Verify Fulcio Certificates

Fri, 19 Aug 2022 08:49:31 +0000

An earlier version of this material was published in the Fulcio chapter of the Linux Foundation Sigstore course.

To inspect a certificate generated by Fulcio, we will first decode it with the base64 command line tool, which is used for encoding and decoding binary to text. Base64 is widely used on the world wide web for binary-to-text encoding. You can check whether the tool is installed by checking whether base64 --help will run. If not, install Base64 with the package manager of your choice, such as apt or Homebrew for macOS.