Skip to content

feat(extensions): add verifiable CloudEvents with DSSE#1386

Open
xibz wants to merge 1 commit into
cloudevents:mainfrom
xibz:verify
Open

feat(extensions): add verifiable CloudEvents with DSSE#1386
xibz wants to merge 1 commit into
cloudevents:mainfrom
xibz:verify

Conversation

@xibz
Copy link
Copy Markdown

@xibz xibz commented May 30, 2026
edited
Loading

Proposed Changes

feat: Add DSSE-based cryptographic signing for CloudEvents verification

Implements verifiable CloudEvents using DSSE (Dead Simple Signing Envelope) to ensure event authenticity and integrity across untrusted transport layers.

Key features:

  • Sign CloudEvents with DSSE v1.0.2 protocol using SHA256 digests
  • Transport verification material in 'dssematerial' extension attribute
  • Support for binary, structured, and batch CloudEvent modes
  • Backward compatible - unsigned events still work, consumers can ignore signatures (but highly inadvisable)

Technical approach:

  • Creates SHA256 digest chain of all context attributes and event data
  • Wraps digest in DSSE envelope with Base64 encoding
  • Verifies by recomputing digests and comparing against signed payload
  • Returns only verified data to consumers (strips unverified extensions)

This enables cryptographic proof that events:

  1. Were produced by the claimed source (authenticity)
  2. Were not modified in transit (integrity)

Does NOT address: event ordering, completeness, replay attacks, or confidentiality

Fixes #1302

Release Note

@xibz
Copy link
Copy Markdown
Author

xibz commented May 30, 2026
edited
Loading

@duglin - I decided to recreate the PR. There were too many merge conflicts, 800+ T-T, because of how poorly it diverged.

I tried to force push by hard resetting then cherry picking, but it autoclosed the PR :(.

Anywho updated! But the verify tools look broken since the removal the locale files

references #1371

@duglin
Copy link
Copy Markdown
Collaborator

duglin commented May 30, 2026

@xibz no worries. I’ll fix the CI issues tomorrow. They’re not related to your changes

@duglin
Copy link
Copy Markdown
Collaborator

duglin commented Jun 1, 2026

@xibz can you rebase using the latest 'main' branch? I think that should fix your CI issues.

@xibz
feat(extensions): add verifiable CloudEvents with DSSE
b620234 
Introduces the verifiability extension, enabling producers to
cryptographically sign CloudEvents and consumers to verify authenticity
and integrity using DSSE (Dead Simple Signing Envelope) v1.0.2.

Key design points:
- Canonical value serialization per CloudEvents type for format-neutral
  signatures (no wire-bytes requirement for context attributes)
- Optional signing of extension attributes via signedextattrs
- Consumer behavior configuration matrix (strict/passthrough/core-only)
- Proxy guidance: SHOULD re-sign when modifying signed fields
- SDK phased rollout: JSON format first, additional formats by vote
- Timestamp normalization to RFC 3339 Zulu with second precision

Signed-off-by: xibz <bjp@apple.com>
@xibz
Copy link
Copy Markdown
Author

xibz commented Jun 1, 2026

@duglin - Done!

@duglin
Copy link
Copy Markdown
Collaborator

duglin commented Jun 3, 2026

@xibz are all changed made and people should do a final review?

/cc @clemensv @jskeet

@xibz
Copy link
Copy Markdown
Author

xibz commented Jun 3, 2026

Yep, it's good for a final review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Adding zero trust to cloudevents

2 participants

@xibz @duglin