Giving people the ability to sign messages under their identity is extremely powerful. For instance, this functionality lets you SSH into servers, sign software artifacts, and create end-to-end encrypted communications under your single sign-on (SSO) identity. The OpenPubkey protocol and open source project brings the power of digital signatures to both people and workloads without adding trusted parties. OpenPubkey is built on the OpenID Connect (OIDC) SSO protocol, which is supported by major identity providers, including Google, Microsoft, Okta, and Facebook. This article will explore how OpenPubkey works and look at three use cases in detail.
OpenPubkey is the web's new technology for adding public keys to standard SSO interactions with Identity Providers (IdPs) that speak OpenID Connect (OIDC). OpenPubkey works by essentially turning an IdP into a Certificate Authority (CA). A CA is a trusted entity that issues certificates that cryptographically bind an identity to a public key. With OpenPubkey, any OIDC-speaking Identity Provider can bind public keys to identities today.
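To make the "IdP as CA" idea concrete, the following is an added Go example written for this article; it is not code from the OpenPubkey project and does not use its wire format. It models the three links a verifier must check before accepting a message as signed by an SSO identity: the IdP really signed the ID Token, the signed token commits to the signer's public key, and that key verifies the signature over the message. The commitment scheme is an assumption made for illustration (the OIDC nonce is taken to be SHA-256 over the user's DER-encoded public key, and the IdP is assumed to sign with RS256); OpenPubkey's actual commitment and PK Token layout are more elaborate. The functions `issueIDToken`, `VerifySignedMessage` and `Demo`, the issuer `https://idp.example`, the subject `alice@example.com` and the message text are all constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ASSUMPTION (simplified model, not OpenPubkey's real format): the OIDC nonce is
// SHA-256 over the user's DER-encoded public key and the IdP signs tokens with RS256.

var b64 = base64.RawURLEncoding

// commitToKey is the value the client places in the nonce before signing in, so
// the IdP's signature over the ID Token also covers this public key.
func commitToKey(pub *ecdsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a P-256 key
	sum := sha256.Sum256(der)
	return b64.EncodeToString(sum[:])
}

// issueIDToken plays the IdP: a compact RS256 JWT carrying the subject and
// whatever nonce the client supplied, which is what a real OP echoes back.
func issueIDToken(idpKey *rsa.PrivateKey, subject, nonce string) string {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, _ := json.Marshal(map[string]string{"iss": "https://idp.example", "sub": subject, "nonce": nonce})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, idpKey, crypto.SHA256, digest[:]) // demo scaffolding
	return signingInput + "." + b64.EncodeToString(sig)
}

// VerifySignedMessage is the relying party's check: it returns the "sub" that signed
// msg only if the IdP signed the token, the nonce commits to userPub, and sig verifies.
func VerifySignedMessage(idpPub *rsa.PublicKey, idToken string, userPub *ecdsa.PublicKey, msg, sig []byte) (string, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed ID token")
	}
	// 1. IdP signature. The algorithm is fixed by the verifier, never read from
	//    the token's own "alg" header. A bad base64 signature simply fails here.
	tokSig, _ := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(idpPub, crypto.SHA256, digest[:], tokSig) != nil {
		return "", errors.New("ID token was not signed by the IdP")
	}
	// 2. Identity-to-key binding: the signed nonce must commit to userPub.
	var claims struct {
		Sub   string `json:"sub"`
		Nonce string `json:"nonce"`
	}
	payload, _ := b64.DecodeString(parts[1]) // already covered by the signature
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", err
	}
	if claims.Nonce != commitToKey(userPub) {
		return "", errors.New("token does not commit to this public key")
	}
	// 3. The key holder's signature over the message itself.
	msgDigest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(userPub, msgDigest[:], sig) {
		return "", errors.New("message signature invalid")
	}
	return claims.Sub, nil
}

// Demo runs the flow with constructed keys and a constructed message. It returns the
// identity accepted for the honest signature and the error for a key the IdP never vouched for.
func Demo() (honest string, forgedErr error, err error) {
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	token := issueIDToken(idpKey, "alice@example.com", commitToKey(&userKey.PublicKey))
	msg := []byte("deploy build 1234")
	digest := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, userKey, digest[:])
	honest, err = VerifySignedMessage(&idpKey.PublicKey, token, &userKey.PublicKey, msg, sig)
	if err != nil {
		return "", nil, err
	}
	rogue, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueSig, _ := ecdsa.SignASN1(rand.Reader, rogue, digest[:])
	_, forgedErr = VerifySignedMessage(&idpKey.PublicKey, token, &rogue.PublicKey, msg, rogueSig)
	return honest, forgedErr, nil
}

func main() {
	fmt.Println(Demo())
}
```

Run it with `go run .` (standard library only). The point of the example is that no extra trusted party appears: the only signing key the verifier has to trust out of band is the IdP's, just as with a CA, and a signature made with a key the IdP never committed to is rejected even when it is presented alongside a perfectly valid ID Token. Step 1 deliberately pins the verification algorithm instead of reading it from the token header, which is the usual mitigation for JWT algorithm-confusion bugs.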
Secure Shell (SSH) is a cryptographic network protocol that provides a way to securely communicate over unsecured networks. It uses encryption to safeguard data from unauthorized access or tampering, which is why it’s the standard for secure remote access, file transfer, tunneling and port forwarding.