Security Model
SourceSeal is designed to provide tamper-evident software supply chain security through cryptographic signing, blockchain immutability, and defense-in-depth API protections.
How Signing Works (Ed25519)
SourceSeal uses Ed25519 (Edwards-curve Digital Signature Algorithm) for all attestation signatures. Ed25519 provides:
- 128-bit security level— Equivalent strength to RSA-3072, with much smaller keys (32 bytes).
- Deterministic signatures— The same message and key always produce the same signature, eliminating a class of implementation bugs.
- Fast verification— Signature verification is extremely fast, suitable for high-throughput verification pipelines.
- No external dependencies— Implemented using only the Go standard library (
crypto/ed25519).
Signing Process
- The CLI computes the SHA-256 hash of the artifact file.
- An attestation payload is constructed containing the artifact hash, ecosystem, package name, version, signer key ID, SLSA level, and timestamp.
- The attestation is canonically serialized (deterministic JSON field ordering).
- The serialized bytes are signed with the Ed25519 private key, producing a 64-byte signature.
- The signature is hex-encoded and included in the attestation record.
Verification Process
- The server receives the attestation along with the PEM-encoded public key.
- The server verifies that the
signer_key_idmatches the SHA-256 hash of the provided public key (first 16 bytes). - The attestation is re-serialized canonically and verified against the Ed25519 signature using the public key.
- Only if all checks pass is the attestation accepted and written to the ledger.
Key Management
Signing keys are stored locally in the ~/.sourceseal/keys/ directory.
Key Generation
The sourceseal initcommand generates an Ed25519 key pair using Go's crypto/ed25519.GenerateKey with the system CSPRNG (crypto/rand.Reader).
Key Storage
Private keys are stored as PEM files with 0600 file permissions (owner read/write only). Public keys are stored alongside with 0644 permissions.
Key ID Derivation
The key ID is the first 16 bytes of the SHA-256 hash of the public key, hex-encoded (32 hex characters). This provides a compact, collision-resistant identifier for each key.
Key Export
Public keys can be exported in PEM format via sourceseal keys export for sharing with verification parties.
sourceseal keys export abcdef0123456789abcdef0123456789Blockchain Immutability
Attestations are anchored on a Hyperledger Fabric permissioned blockchain, which provides several security properties:
Append-Only Ledger
Once a transaction is committed to the ledger, it cannot be modified or deleted. Any attempt to tamper with historical data is detectable.
Consensus Validation
Transactions must be endorsed by authorized peers and ordered by the ordering service before being committed, preventing unilateral modifications.
Audit Trail
Every attestation submission creates a Fabric transaction with a unique transaction ID, providing a complete audit trail.
Cross-Verification
During verification, the API server queries the Fabric ledger to confirm the attestation exists on-chain, detecting any discrepancies between the local store and the ledger.
API Authentication
The SourceSeal API server implements multiple layers of protection:
API Key Authentication
All /api/v1/ endpoints require a valid API key provided via the Authorization: Bearer header or X-API-Key header. Keys are configured server-side via the SOURCESEAL_API_KEYS environment variable.
Rate Limiting
Per-IP rate limits prevent abuse: 100 requests/minute for read endpoints (GET), 20 requests/minute for write endpoints (POST). When behind a reverse proxy, set SOURCESEAL_TRUST_PROXY=true to use the correct client IP from X-Forwarded-For.
TLS
The API server supports TLS termination via --tls-cert and --tls-key flags. TLS should always be enabled in production to prevent eavesdropping and man-in-the-middle attacks.
CORS
Cross-Origin Resource Sharing is configured via SOURCESEAL_CORS_ORIGINS to restrict which web origins can call the API.
Request Size Limits
The attestation submission endpoint enforces a maximum request body size of 10 MB, preventing denial-of-service through oversized payloads.
Threat Model Overview
SourceSeal is designed to mitigate the following supply chain attack vectors:
| Threat | Mitigation |
|---|---|
| Tampered artifacts | SHA-256 hashing + Ed25519 signature verification ensures any modification is detected |
| Unauthorized signing | Ed25519 keys bound to identities; key ID verified against public key on submission |
| Attestation retroactive tampering | Blockchain immutability prevents modification of historical attestations |
| Dependency confusion | Package-level attestation history via audit command reveals unexpected packages |
| Man-in-the-middle attacks | TLS on API server; Fabric network uses mutual TLS between peers |
| API abuse / brute force | Per-IP rate limiting, API key authentication, request size limits |
| Compromised local store | Cross-verification against the blockchain ledger detects local database tampering |
| Transitive dependency attacks | Zero external Go dependencies; SBOM generation provides full dependency visibility |
Security Recommendations
- 1.Never share or commit private keys to version control.
- 2.Always enable TLS in production deployments.
- 3.Use strong, randomly generated API keys (minimum 32 characters).
- 4.Rotate API keys and signing keys on a regular schedule.
- 5.Configure multiple Fabric organizations for decentralized trust in production.
- 6.Monitor the
/healthzendpoint and set up alerts for error-level log entries.