Package Signing
What is Package Signing?
Package SigningApplying a cryptographic signature to a software package so that consumers can verify the publisher's identity and that the artifact has not been altered after release.
Package signing binds an artifact (binary, library, container image, OS package, language module) to the publisher's cryptographic identity. Verifiers compare the signature against the expected key, certificate, or transparency log entry before installing or running the package. Common ecosystems include Sigstore Cosign for OCI images and language packages, GPG-signed Linux distribution packages, Authenticode on Windows, codesign on macOS/iOS, and Maven Central with PGP. Modern practice favours short-lived keys and OIDC-based identities (Sigstore) over long-lived offline keys, plus transparency logs (Rekor) for public auditability. Signing is complementary to SBOMs, SLSA provenance, and reproducible builds: it answers "who shipped this and is it intact?" while the others answer "what is in it and how was it made?".
● Examples
- 01
Signing release binaries with Sigstore Cosign and publishing to Rekor.
- 02
Verifying Debian package signatures via apt and the distribution's GPG key.
● Frequently asked questions
What is Package Signing?
Applying a cryptographic signature to a software package so that consumers can verify the publisher's identity and that the artifact has not been altered after release. It belongs to the Application Security category of cybersecurity.
What does Package Signing mean?
Applying a cryptographic signature to a software package so that consumers can verify the publisher's identity and that the artifact has not been altered after release.
How does Package Signing work?
Package signing binds an artifact (binary, library, container image, OS package, language module) to the publisher's cryptographic identity. Verifiers compare the signature against the expected key, certificate, or transparency log entry before installing or running the package. Common ecosystems include Sigstore Cosign for OCI images and language packages, GPG-signed Linux distribution packages, Authenticode on Windows, codesign on macOS/iOS, and Maven Central with PGP. Modern practice favours short-lived keys and OIDC-based identities (Sigstore) over long-lived offline keys, plus transparency logs (Rekor) for public auditability. Signing is complementary to SBOMs, SLSA provenance, and reproducible builds: it answers "who shipped this and is it intact?" while the others answer "what is in it and how was it made?".
How do you defend against Package Signing?
Defences for Package Signing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Package Signing?
Common alternative names include: Code signing, Artifact signing.
● Related terms
- appsec№ 226
Cosign
An open-source CLI from the Sigstore project for signing, verifying, and attesting to OCI artifacts and other software using either keyed or keyless workflows.
- appsec№ 1044
Sigstore
An open-source Linux Foundation project that makes signing, verifying, and protecting software artifacts easy by combining short-lived keys, OIDC identities, and a transparency log.
- appsec№ 1069
Software Supply Chain Security
The discipline of protecting every link of the software production chain - source, dependencies, build, signing, distribution, and deployment - against tampering, malicious code, and integrity loss.
- appsec№ 870
Provenance Attestation
A signed, machine-verifiable statement that describes how a software artifact was produced - including source, build system, parameters, and dependencies - so consumers can trust its origin.
- cryptography№ 321
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
- appsec№ 1053
SLSA Framework
Supply-chain Levels for Software Artifacts: a tiered set of requirements published by OpenSSF that progressively hardens how software is built, signed, and verified against supply-chain tampering.
● See also
- № 304Dependency Confusion Attack
- № 305Dependency Pinning
- № 921Reproducible Builds
- № 166CI/CD Security
- № 444GitOps Security