/? https://www.google.com/search?q=removed+gpg+and+sigstore+onl...
IIRC OpenPGP signatures do work with W3C VC; there's a URI for the key type and algorithm?
"Chapter 8. Signing container images" and any other OCI artifact: https://docs.redhat.com/en/documentation/red_hat_enterprise_... :
> You can use a GNU Privacy Guard (GPG) signature or a sigstore signature to sign your container image
--
"What does a PGP signature on a Git commit prove?" https://www.hackerneue.com/item?id=26640915
"Git-signatures – Multiple PGP signatures for your commits" (2019) https://www.hackerneue.com/item?id=19183803#19186012
"Linked Data Signatures for GPG" > GpgLinkedDataKeyClass2020, GpgSignature2020: https://gpg.jsld.org/ .. spec: https://gpg.jsld.org/contexts/
"PGP Vocabulary v1" (2021) > PgpVerificationKey2021, PgpSignature2021: https://or13.github.io/lds-pgp2021/
"Verifiable Credentials with PGP" (2022) https://transmute-industries.github.io/vc-pgp/
--
A blog post from 2022 on how to do artifact key revocation with Sigstore Fulcio, Rekor, and AWS Lambda; but revocation transparency https://blog.sigstore.dev/dont-panic-a-playbook-for-handling...
"Why you can’t use Sigstore without Sigstore" (2023) https://blog.sigstore.dev/why-you-cant-use-sigstore-without-...
"Model authenticity and transparency with Sigstore" https://next.redhat.com/2025/04/10/model-authenticity-and-tr...
sigstore/model-transparency: https://github.com/sigstore/model-transparency