/openpubkey

Reference implementation of OpenPubkey

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

OpenPubkey Reference Implementation

OpenPubkey adds user-generated cryptographic signatures to OpenID Connect (OIDC), enabling users to sign messages or artifacts under their OpenID identity. Verifiers can check that these signatures are valid and associated with the signing OpenID identity. OpenPubkey does not add any new trusted parties beyond what is required for OpenID Connect, and it is fully compatible with existing OpenID Providers (Google, Azure/Microsoft, Okta, OneLogin, Keycloak) without any changes to the OpenID Provider.

This repo contains the current reference implementation of OpenPubkey. The reference implementation is a work in progress.

Remaining Work

Phase 1:

Phase 2:

  • Additional Signers (TBD)

How to use this library

To interact with OpenPubkey as a signer, use the OpkClient struct.

Further reading