Add minor doc fixes #280

Merged
merged 2 commits into from
Dec 15, 2023
4 changes: 2 additions & 2 deletions content/en/about/overview.md
Expand Up @@ -50,11 +50,11 @@ A Sigstore client, such as Cosign, requests a certificate from our code-signing

You don’t have to manage signing keys, and Sigstore services never obtain your private key. The public key that a Sigstore client creates gets bound to the issued certificate, and the private key is discarded after a single signing.

After the client signs the artifact, the artifact's digest, signature and certificate are persisted in a transparency log: an immutable, append-only ledger known as Rekor. With this log, signing events can be publicly audited. Identity owners can monitor the log to verify that their identity is being properly used, and someone who downloads and artifact can confirm that the certificate was valid at the time of signing.
After the client signs the artifact, the artifact's digest, signature and certificate are persisted in a transparency log: an immutable, append-only ledger known as Rekor. With this log, signing events can be publicly audited. Identity owners can monitor the log to verify that their identity is being properly used, and someone who downloads an artifact can confirm that the certificate was valid at the time of signing.

For verifying an artifact, a Sigstore client will verify the signature on the artifact using the public key from the certificate, verify the identity in the certificate matches an expected identity, verify the certificate's signature using Sigstore's root of trust, and verify proof of inclusion in Rekor. Together, verification of this information tells the user that the artifact comes from its expected source and has not been tampered with after its creation.

For more information on the modules that make up Sigstore, review [Toolling]({{< relref "about/tooling">}}).
For more information on the modules that make up Sigstore, review [Tooling]({{< relref "about/tooling">}}).

## How to use Sigstore
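
Review bot: The corrected sentence says a downloader "can confirm that the certificate was valid at the time of signing", but the verification paragraph that follows it lists four checks (artifact signature, identity match, certificate signature against Sigstore's root of trust, proof of inclusion in Rekor) and none of them compares the signing time with the certificate's validity period. Suggest adding that step to the list, or stating which of the four checks covers it, so the two paragraphs agree. Minor style point on the other changed line: `{{< relref "about/tooling">}}` has a space after `{{<` but none before `>}}`; adding one keeps the shortcode delimiters symmetric.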

Expand Up @@ -73,7 +73,7 @@
by the certificate authority. This will form a chain of trust from the issued
certificate to the certificate authority root certificate.


Check failure on line 76 in content/en/certificate_authority/certificate-issuing-overview.md

GitHub Actions / markdownlint

Multiple consecutive blank lines

content/en/certificate_authority/certificate-issuing-overview.md:76 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md012.md
Fulcio supports several signing backends to sign certificates:

- KMS: A KMS key hosted on GCP, AWS, Azure or Hashicorp
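
Review bot: Line 76 still has two consecutive blank lines before "Fulcio supports several signing backends to sign certificates:", which is the MD012 failure markdownlint annotates on this hunk (expected 1, actual 2). Delete one of the two blank lines so the check passes. In the same context, "Hashicorp" in the KMS bullet is normally written "HashiCorp".
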
Expand All @@ -82,7 +82,7 @@
[softHSM](https://www.opendnssec.org/softhsm/) and others
- [Google CA Service](https://cloud.google.com/certificate-authority-service/docs): A GCP-hosted certificate authority
- Files: An on-disk password-protected private key
- Ephemeral (for testing): An in-memory key pair generated on start up

Check failure on line 85 in content/en/certificate_authority/certificate-issuing-overview.md

GitHub Actions / markdownlint

Trailing spaces

content/en/certificate_authority/certificate-issuing-overview.md:85:71 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md009.md

See [Setting up a Fulcio instance](https://github.com/sigstore/fulcio/blob/main/docs/setup.md) for more details.
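
Review bot: The "Ephemeral (for testing)" bullet on line 85 ends with a single trailing space at column 71, which is the MD009 failure markdownlint annotates on this hunk (expected 0 or 2, actual 1). Strip the trailing space so the lint job goes green. While that line is being touched, "start up" is used as a noun here and would read better as "startup".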

Expand Down Expand Up @@ -113,4 +113,6 @@

## 7 — Return certificate to client

Finally, the certificate and SCT are both returned to the client.

![Fulcio return the certificate to the client](/fulcio-7-return-to-client.png)
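
Review bot: The image alt text "Fulcio return the certificate to the client" has a subject-verb disagreement; suggest "Fulcio returns the certificate to the client". The sentence above it says the certificate and the SCT are both returned, so the alt text could mention the SCT as well to match.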