Welcome to the official Github repository Credential Log. Credential Log is a merkle tree based transparency log utilised to store signature credentials of applications/artifacts signed by the Signature tools. This application hopes to resolve the adoption problem faced with artifact signature tools.
A simple introduction; Signature tools are utilised by software suppliers to authenticate their release artifacts/software. Users' retrieving this software who wish to verify its authenticity must, utilise the same signature tool. In short this application will be another layer on top of signing process, where the signature details will be sent to this log, users who would like to verify the specific software/artifact can make calls to the log independently and obtain the signature credentials and verify their downloaded software.
To establish this concept, Credential Log has initially been integrated with SigNature. This is to showcase how the concept is intended to work, with time its exxpected for Crednetial Log to integrate with other tools to proceed towards its vision.