APS Signing Model (v0)¶
Goals¶
- Integrity & authenticity of
.aps.tar.gzartifacts. - Simple local trust (developer keys), enterprise policy later.
Artifacts¶
- dist/
.aps.tar.gz - dist/
.aps.tar.gz.sig.json # DSSE-lite: base64(payload) + base64(sig)
Payload (JSON, then base64 in the .sig.json):
{ "file": "<filename>.aps.tar.gz", "digest": "sha256:<hex>" }
CLI¶
aps keygen # creates ~/.aps/keys/{ed25519.key,ed25519.pub}
aps sign dist/pkg.aps.tar.gz # emits dist/pkg.aps.tar.gz.sig.json
aps verify dist/pkg.aps.tar.gz.sig.json
Trust(v0)¶
- Local trust store: ~/.aps/keys/ed25519.pub
- Policy (future): require signatures from known keys; transparency log optional.
Supply Chain (future v1)¶
- DSSE + in-toto provenance document aps/provenance.json
- Enterprise policy: block unsigned/unknown keys