Notice: While JavaScript is not essential for this website, your interaction with the content will be limited. Please turn JavaScript on for the full experience.

Sigstore Information

Background

Starting with the Python 3.11.0, Python 3.10.7, Python 3.9.14, Python 3.8.14, and Python 3.7.14 releases, CPython release artifacts are additionally signed with Sigstore (in addition to existing GPG signatures).

This page provides guidance on verifying Sigstore signatures as a CPython consumer, and outlines some motivation for using these additional signatures.

Sigstore verification of CPython Releases

Introduction to Sigstore

Sigstore is a new standard for signing, verifying and protecting software. The Sigstore project is a set of tools and services:

At a high level, Sigstore uses a certificate authority to tie OpenID Connect (OIDC) identities to ephemeral keys, and uses a transparency log to publish the results of signing events. This eliminates the need for signers to manage private keys. It also allows users to verify signatures based on characteristics of the OIDC identities, such as an email address.

More detail about the signing process and the interplay of these tools and services is provided in the Sigstore docs. Additionally, a security model for Sigstore can be found here.

Verifying CPython release artifacts with Sigstore

Verification requires the presence of two files: the release artifact in question and bundled "verification materials" which typically has a file extension of .sigstore. For example, for the Python 3.11.0 source release, you would download the following files:

$ wget https://www.python.org/ftp/python/3.11.0/Python-3.11.0.tgz
$ wget https://www.python.org/ftp/python/3.11.0/Python-3.11.0.tgz.sigstore

These verification materials should exist for all release artifacts, and are listed on the downloads page along with their corresponding artifacts.

Verification additionally requires prior knowledge of the identity of the signer. For CPython releases, these are the email addresses of the release manager for the given release. The release managers for current and upcoming releases are as follows:

Release PEP Release manager OIDC Issuer
3.7 PEP 537 nad@python.org https://github.com/login/oauth
3.8 PEP 569 lukasz@langa.pl https://github.com/login/oauth
3.9 PEP 596 lukasz@langa.pl https://github.com/login/oauth
3.10 PEP 619 pablogsal@python.org https://accounts.google.com
3.11 PEP 664 pablogsal@python.org https://accounts.google.com
3.12 PEP 693 thomas@python.org https://accounts.google.com
3.13 PEP 719 thomas@python.org https://accounts.google.com
3.14 PEP 745 hugo@python.org https://github.com/login/oauth

Finally, verification requires a Sigstore client. Using https://pypi.org/p/sigstore/ is recommended:

To install with additional install-time assurances including hash-checking and version pinning, you can run the following to install from a fully specified requirements file:

$ python -m pip install -r https://raw.githubusercontent.com/sigstore/sigstore-python/main/install/requirements.txt

Alternatively, to install as usual without these assurances:

$ python -m pip install sigstore

Finally, in the directory where you downloaded the release artifact and verification materials, you can run the following:

$ python -m sigstore verify identity \
  --bundle Python-3.11.0.tgz.sigstore \
  --cert-identity pablogsal@python.org \
  --cert-oidc-issuer https://accounts.google.com \
  Python-3.11.0.tgz

Running this command should result in the output OK: Python-3.11.0.tgz, which indicates that the signature is valid.

Migrating from GPG signatures

Before Sigstore signatures were available, CPython also provided GPG signatures as a means of verifying the origin and integrity of artifacts. Below are some tips for migrating an existing configuration verifying using GPG to adopting Sigstore.

Instead of using a GPG key for verification, use the above table to choose which signing identity and OIDC issuer is expected for each Python release version.

After an artifact has been verified using GPG, it's common to pin the artifact to a specific checksum value like SHA-256. If this value is already available, it's possible to check the validity of the artifact checksum using Sigstore using only the artifact checksum. For example, using a checksum of deadbeef...:

$ python -m sigstore verify identity \
  --bundle Python-3.11.0.tgz.sigstore \
  --cert-identity pablogsal@python.org \
  --cert-oidc-issuer https://accounts.google.com \
  sha256:deadbeef...

Verifying an artifact checksum requires a recent version of sigstore-python, at least v3.3.0 or later.

Offline verification is the default when verifying a Sigstore bundle (ie .sigstore). Use the --offline option to disable other network calls like updating TUF metadata.

If a standalone binary is required instead of a Python package for verifying signatures, we recommend using sigstore-go.

Any issues with this guide can be reported to https://github.com/sigstore/sigstore-python/issues