{"id":13514347,"url":"https://github.com/google/keytransparency","last_synced_at":"2025-09-27T08:30:29.545Z","repository":{"id":33519104,"uuid":"37165115","full_name":"google/keytransparency","owner":"google","description":"A transparent and secure way to look up public keys.","archived":true,"fork":false,"pushed_at":"2021-07-05T06:39:36.000Z","size":25823,"stargazers_count":1573,"open_issues_count":56,"forks_count":149,"subscribers_count":65,"default_branch":"master","last_synced_at":"2025-09-10T16:07:06.667Z","etag":null,"topics":["block-chain","coniks","key-management","merkletree","public-keys","secure-by-default","verifiable-data-structures","verifiable-random-function","vrf"],"latest_commit_sha":null,"homepage":"https://security.googleblog.com/2017/01/security-through-transparency.html","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2015-06-09T23:55:20.000Z","updated_at":"2025-08-04T13:02:13.000Z","dependencies_parsed_at":"2022-08-07T22:00:30.444Z","dependency_job_id":null,"html_url":"https://github.com/google/keytransparency","commit_stats":null,"previous_names":["google/key-transparency"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/google/keytransparency","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fkeytransparency","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fkeytransparency/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fkeytransparency/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fkeytransparency/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/keytransparency/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fkeytransparency/sbom","scorecard":{"id":437318,"data":{"date":"2025-08-11","repo":{"name":"github.com/google/keytransparency","commit":"c1d8b03b87f098b18637b89ab17ff4c1c49fd1e2"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":3,"reason":"Found 7/21 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/google/keytransparency/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/google/keytransparency/build.yml/master?enable=pin","Warn: containerImage not pinned by hash: cmd/keytransparency-monitor/Dockerfile:1","Warn: containerImage not pinned by hash: cmd/keytransparency-monitor/Dockerfile:12: pin your Docker image by updating gcr.io/distroless/base to gcr.io/distroless/base@sha256:4f6e739881403e7d50f52a4e574c4e3c88266031fd555303ee2f1ba262523d6a","Warn: containerImage not pinned by hash: cmd/keytransparency-sequencer/Dockerfile:1","Warn: containerImage not pinned by hash: cmd/keytransparency-sequencer/Dockerfile:12: pin your Docker image by updating gcr.io/distroless/base to gcr.io/distroless/base@sha256:4f6e739881403e7d50f52a4e574c4e3c88266031fd555303ee2f1ba262523d6a","Warn: containerImage not pinned by hash: cmd/keytransparency-server/Dockerfile:1","Warn: containerImage not pinned by hash: cmd/keytransparency-server/Dockerfile:12: pin your Docker image by updating gcr.io/distroless/base to gcr.io/distroless/base@sha256:4f6e739881403e7d50f52a4e574c4e3c88266031fd555303ee2f1ba262523d6a","Warn: containerImage not pinned by hash: deploy/docker/init/Dockerfile:1: pin your Docker image by updating alpine:3.4 to alpine:3.4@sha256:b733d4a32c4da6a00a84df2ca32791bb03df95400243648d8c539e7b4cce329c","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   7 out of   7 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/google/.github/SECURITY.md:1","Info: Found linked content: github.com/google/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md:1","Info: Found text in security policy: github.com/google/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2022-0322 / GHSA-cg3q-j54f-5p7p","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T04:58:59.402Z","repository_id":33519104,"created_at":"2025-08-19T04:58:59.402Z","updated_at":"2025-08-19T04:58:59.402Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275666420,"owners_count":25506162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["block-chain","coniks","key-management","merkletree","public-keys","secure-by-default","verifiable-data-structures","verifiable-random-function","vrf"],"created_at":"2024-08-01T05:00:53.773Z","updated_at":"2025-09-27T08:30:29.526Z","avatar_url":"https://github.com/google.png","language":"Go","readme":"# Key Transparency\n\n[![GoDoc](https://godoc.org/github.com/google/keytransparency?status.svg)](https://godoc.org/github.com/google/keytransparency)\n[![Build Status](https://travis-ci.com/google/keytransparency.svg?branch=master)](https://travis-ci.com/google/keytransparency)\n[![Go Report Card](https://goreportcard.com/badge/github.com/google/keytransparency)](https://goreportcard.com/report/github.com/google/keytransparency)\n[![codecov](https://codecov.io/gh/google/keytransparency/branch/master/graph/badge.svg)](https://codecov.io/gh/google/keytransparency)\n\n![Key Transparency Logo](docs/images/logo.png)\n\n\nKey Transparency provides a lookup service for generic records and a public,\ntamper-proof audit log of all record changes. While being publicly auditable,\nindividual records are only revealed in response to queries for specific IDs.\n\nKey Transparency can be used as a public key discovery service to authenticate\nusers and provides a mechanism to keep the service accountable.  \n\nKey Transparency empowers account owners to [reliably see](docs/verification.md) what public keys have been\nassociated with their account, and it can be used by senders to see how long an\naccount has been active and stable before trusting it.\n\nKey Transparency can add [verifiable](docs/verification.md) and user-friendly auditing to any [scenario](docs/scenarios.md) that involves \nauthenticating users with public keys, including [Universal Second Factor Security Keys](https://en.wikipedia.org/wiki/Universal_2nd_Factor) and end-to-end encryption.\n\n* [Overview](docs/overview.md)\n* [Design document](docs/design.md)\n* [API](docs/api.md)\n\n### Project Status\nKey Transparency is a work-in-progress with the [following milestones](https://github.com/google/keytransparency/milestones) under development.\n\n## Key Transparency Client\n\n### Setup\n1. Install [Go 1.13](https://golang.org/doc/install).\n2. `GO111MODULE=on go get github.com/google/keytransparency/cmd/keytransparency-client`\n\n### Client operations\n\n## View a Directory's Public Keys\nThe Key Transparency server publishes a separate set of public keys for each directory that it hosts.\nBy hosting multiple directories, a single domain can host directories for multiple apps or customers.\nA standardized pattern for discovering domains and directories is a TODO in issue #389.\n\nWithin a directory the server uses the following public keys to sign its responses:\n1. `log.public_key` signs the top-most Merkle tree root, covering the ordered list of map roots.\n2. `map.public_key` signs each snapshot of the key-value database in the form of a sparse Merkle tree.\n3. `vrf.der` signs outputs of the [Verifiable Random Function](https://en.wikipedia.org/wiki/Verifiable_random_function)\n    which obscures the key values in the key-value database.\n\nA directory's public keys can be retrieved over HTTPS/JSON with curl\nor over gRPC with [grpcurl](https://github.com/fullstorydev/grpcurl).\nThe sandboxserver has been initialized with a domain named `default`.\n```sh\n$ curl -s https://sandbox.keytransparency.dev/v1/directories/default | json_pp\n$ grpcurl -d '{\"directory_id\": \"default\"}' sandbox.keytransparency.dev:443 google.keytransparency.v1.KeyTransparency/GetDirectory\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eShow output\u003c/summary\u003e\n\n```sh\n{\n   \"directory_id\" : \"default\",\n   \"log\" : {\n      \"hash_algorithm\" : \"SHA256\",\n      \"hash_strategy\" : \"RFC6962_SHA256\",\n      \"public_key\" : {\n         \"der\" : \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXPi4Ut3cRY3OCXWvcSnE/sk6tbDEgBeZapfEy/BIKfsMbj3hPLG+WEjzh1IP2TDirc9GpQ+r9HVGR81KqRpbjw==\"\n      },\n      \"signature_algorithm\" : \"ECDSA\",\n      \"tree_id\" : \"4565568921879890247\",\n      \"tree_type\" : \"PREORDERED_LOG\"\n   },\n   \"map\" : {\n      \"hash_algorithm\" : \"SHA256\",\n      \"hash_strategy\" : \"CONIKS_SHA256\",\n      \"public_key\" : {\n         \"der\" : \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgX6ITeFrqLmclqH+3XVhbaEeJO37vy1dZYRFxpKScERdeeu3XRirJszc5KJgaZs0LdvJqOccfNc2gJfInLGIuA==\"\n      },\n      \"signature_algorithm\" : \"ECDSA\",\n      \"tree_id\" : \"5601540825264769688\",\n      \"tree_type\" : \"MAP\"\n   },\n   \"max_interval\" : \"60s\",\n   \"min_interval\" : \"1s\",\n   \"vrf\" : {\n      \"der\" : \"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvuqCkY9rM/jq/8hAoQn2PClvlNvVeV0MSUqzc67q6W+MzY/YZKmPLY5t/n/VUEqeSgwU+/sXgER3trsL6nZu+A==\"\n   }\n}\n```\n\u003c/details\u003e\n\n#### Generate Update Signing Keys\nEvery update to a user record in key transparency must be signed by an `authorized-key`.\n\nUpdate signatures are saved in the Merkle tree data structure, producing a record of *who* made each change to a user's\naccount, allowing products to distinguish between changes signed by a user key, the provider's key, or a reset-provider's key.\n\nEach account has an updatable policy that lists the current set of authorized public keys that are allowed to make updates to the user's record.\n\nTo create an initial set of update signing keys, run the `authorized-keys create-keyset` command.\nKeys will be saved in a `.keyset` file in the current working directory.\n```sh\n$ PASSWORD=[[YOUR-KEYSET-PASSWORD]]\n$ keytransparency-client authorized-keys create-keyset --password=${PASSWORD}\n```\n\u003cdetails\u003e\n  \u003csummary\u003eShow output\u003c/summary\u003e\n\n```sh\n$ PASSWORD=[[YOUR-KEYSET-PASSWORD]]\n$ keytransparency-client authorized-keys create-keyset --password=${PASSWORD}\n$ keytransparency-client authorized-keys list-keyset --password=${PASSWORD}\nMy Authorized Keys:\nprimary_key_id:17445529 key_info:\u003ctype_url:\"type.googleapis.com/google.crypto.tink.EcdsaPrivateKey\" status:ENABLED key_id:17445529 output_prefix_type:TINK \u003e\n```\n\u003c/details\u003e\n\n#### Publish the public key\nAny number of protocols may be used to prove to the server that a client owns a userID.\nThe sandbox server supports a fake authentication string and [OAuth](https://console.developers.google.com/apis/credentials).\n\nCreate or fetch the public key for your specific application.\n  ```sh\n   openssl genpkey -algorithm X25519 -out xkey.pem\n   openssl pkey -in xkey.pem -pubout\n   -----BEGIN PUBLIC KEY-----\n   MCowBQYDK2VuAyEAtCAsIMDyVUUooA5yhgRefcEr7edVOmyNCUaN1LCYl3s=\n   -----END PUBLIC KEY-----\n  ```\n\n  ```sh\n  keytransparency-client post user@domain.com \\\n  --kt-url sandbox.keytransparency.dev:443 \\\n  --fake-auth-userid user@domain.com \\\n  --password=${PASSWORD} \\\n  --verbose \\\n  --logtostderr \\\n  --data='MCowBQYDK2VuAyEAtCAsIMDyVUUooA5yhgRefcEr7edVOmyNCUaN1LCYl3s=' #Your public key in base64\n  ```\n\n#### Get and verify a public key\n\n  ```\n  keytransparency-client get \u003cemail\u003e --kt-url sandbox.keytransparency.dev:443 --verbose\n  ✓ Commitment verified.\n  ✓ VRF verified.\n  ✓ Sparse tree proof verified.\n  ✓ Signed Map Head signature verified.\n  CT ✓ STH signature verified.\n  CT ✓ Consistency proof verified.\n  CT   New trusted STH: 2016-09-12 15:31:19.547 -0700 PDT\n  CT ✓ SCT signature verified. Saving SCT for future inclusion proof verification.\n  ✓ Signed Map Head CT inclusion proof verified.\n  keys:\u003ckey:\"app1\" value:\"test\" \u003e\n  ```\n\n#### Verify key history\n  ```\n  keytransparency-client history user@domain.com --kt-url sandbox.keytransparency.dev:443\n  Revision |Timestamp                    |Profile\n  4        |Mon Sep 12 22:23:54 UTC 2016 |keys:\u003ckey:\"app1\" value:\"test\" \u003e\n  ```\n\n#### Checks\n- [Proof for foo@bar.com](https://sandbox.keytransparency.dev/v1/directories/default/users/foo@bar.com)\n- [Server configuration info](https://sandbox.keytransparency.dev/v1/directories/default)\n\n## Running the server locally with Docker Compose\n\nPrerequisites\n- [GoLang](https://golang.org/doc/install)\n- [OpenSSL](https://www.openssl.org/community/binaries.html)\n- [Docker](https://docs.docker.com/engine/installation/)\n   - Docker Engine 1.17.6+ `docker version -f '{{.Server.APIVersion}}'`\n   - Docker Compose 1.11.0+ `docker-compose --version`\n\n### Deploy the KeyTransparency service\n\n1. Run the deployment script\n   ```sh\n   # Download the latest version of keytransparency\n   git clone https://github.com/google/keytransparency.git\n   cd keytransparency\n\n   # Run the deployment script for local environment\n   ./scripts/deploy_local.sh deploy\n   ```\n\n2. Check Docker's running containers\n   ```sh\n   docker container ls\n   ```\n   You should see 8 new running containers:\n   - gcr.io/key-transparency/keytransparency-monitor\n   - gcr.io/key-transparency/keytransparency-sequencer\n   - gcr.io/trillian-opensource-ci/map_server\n   - gcr.io/trillian-opensource-ci/log_signer\n   - gcr.io/trillian-opensource-ci/log_server\n   - gcr.io/key-transparency/keytransparency-server\n   - gcr.io/trillian-opensource-ci/db_server\n   - prom/prometheus\n\n3. Watch it Run\n- [Proof for foo@bar.com](https://localhost/v1/directories/default/users/foo@bar.com)\n- [Server configuration info](https://localhost/v1/directories/default)\n\n\n### Terminate the KeyTransparency service\n\nThe script will remove all the containers and their networks.\n```sh\n# Run the script to undeploy\n./scripts/deploy_local.sh undeploy\n```\n\n## Development and Testing\nKey Transparency and its [Trillian](https://github.com/google/trillian) backend\nuse a [MySQL database](https://github.com/google/trillian/blob/master/README.md#mysql-setup),\nwhich must be setup in order for the Key Transparency tests to work.\n\n`docker-compose up -d db` will launch the database in the background.\n\n### Directory structure\n\nThe directory structure of Key Transparency is as follows:\n\n* [**cmd**](cmd): binaries\n    * [**keytransparency-client**](cmd/keytransparency-client): Key Transparency CLI client.\n    * [keytransparency-sequencer](cmd/keytransparency-sequencer): Key Transparency backend.\n    * [keytransparency-server](cmd/keytransparency-sequencer): Key Transparency frontend.\n* [**core**](core): main library source code. Core libraries do not import [impl](impl).\n    * [adminserver](core/adminserver): private API for creating new directories.\n    * [**api**](core/api): gRPC API definitions.\n    * [**crypto**](core/crypto): verifiable random function and commitment implementations.\n    * [directory](core/directory): interface for retrieving directory info from storage.\n    * [keyserver](core/keyserver): keyserver implementation.\n    * [**mutator**](core/mutator): \"smart contract\" implementation.\n    * [sequencer](core/sequencer): mutation executor.\n* [**deploy**](deploy): deployment configs:\n    * [docker](deploy/docker): init helper.\n    * [**kubernetes**](deploy/kubernetes): kube deploy configs.\n    * [prometheus](deploy/prometheus): monitoring docker module.\n* [**docs**](docs): documentation.\n* [**impl**](impl): environment specific modules:\n    * [**authentication**](impl/authentication): authentication policy grpc interceptor.\n    * [**authorization**](impl/authorization): OAuth and fake auth grpc interceptor.\n    * [integration](impl/integration): environment specific integration tests.\n    * [**mysql**](impl/mysql): mysql implementations of storage modules.\n* [**scripts**](scripts): scripts\n    * [**deploy**](scripts/deploy.sh): deploy to Google Compute Engine.\n\n\n## Support\n\n- [Mailing list](https://groups.google.com/forum/#!forum/keytransparency).\n\n## Acknowledgements\n\nKey Transparency would not have been possible without a whole host of collaborators including researchers, interns, and [open source contributors](https://github.com/google/keytransparency/graphs/contributors).\n\nKey Transparency was inspired by [CONIKS](https://eprint.iacr.org/2014/1004.pdf) and [Certificate Transparency](https://www.certificate-transparency.org/).\n\n## Related\n\n* [Google Security Blog Post](https://security.googleblog.com/2017/01/security-through-transparency.html)\n* [CONIKS Project](https://coniks.cs.princeton.edu/)\n* [Why Making Johnny's Key Management Transparent is So Challenging](https://freedom-to-tinker.com/2016/03/31/why-making-johnnys-key-management-transparent-is-so-challenging/)\n* [Google Launches Key Transparency While a Trade-Off in WhatsApp Is Called a Backdoor](https://www.eff.org/deeplinks/2017/01/google-launches-key-transparency-while-tradeoff-whatsapp-called-backdoor)\n* [On Ghost Users and Messaging Backdoors](https://blog.cryptographyengineering.com/2018/12/17/on-ghost-users-and-messaging-backdoors/)\n* [Verifiable Random Functions](https://www.cs.bu.edu/~goldbe/projects/vrf)\n* [Message Layer Security](https://tools.ietf.org/html/draft-ietf-mls-architecture)\n* [OpenPGP Email Summit 2019](https://wiki.gnupg.org/OpenPGPEmailSummit201910Notes#Workshop:_Key_Transparency)\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fkeytransparency","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fkeytransparency","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fkeytransparency/lists"}