This document describes the architecture of WebSign. WebSign was originally presented during our talks at Black Hat 2016 and DEF CON 24 (deck, video), and is now protected by US Patent 9,906,369.
WebSign's state-of-the-art signing infrastructure utilizes a custom hardware design to enforce strict security.
Private keys live on encrypted cold storage inside an air gapped device. Signing is performed manually over temporary unidirectional networks. This hardens our process against exfiltration from zero-day exploits.
FUTURE-PROOF NEXT-GENERATION CRYPTOGRAPHY
WebSign combines classical elliptic curves with the post-quantum SPHINCS+ signing scheme, a NIST PQC winner.
This allows WebSign to be used in applications with the highest security requirements.
DECENTRALIZED AUTONOMOUS ORGANIZATION
Coming soon! We are developing a blockchain-based decentralized autonomous organization (DAO) that will enhance the scalability and transparency of our signing infrastructure.
CLIENT-SIDE VALIDATION LAYER
WebSign's client-side validation layer consumes and executes the signed packages of your application code.
Think of it like the App Store, but without a marketplace. It just "installs" your web app and then gets out of the way.
TRUST ON FIRST USE
Using the method described in our patent and conference talks, WebSign provides a Trust on First Use (TOFU) model, for comparable security properties with native applications.
The first time a user opens a WebSigned web app, the validation layer is persistently pinned such that it cannot be overwritten by remote servers.
INTERPLANETARY FILE SYSTEM
For performance and censorship-resistance reasons, WebSign leverages the decentralized InterPlanetary File System (IPFS) network as a storage layer.
Packages are preferentially downloaded peer-to-peer, with an HTTPS gateway fallback. Heavy client-side caching is additionally used to improve performance and mitigate potential downtime.