Skip to content

CONCEPT Cited by 1 source

PK Token

A PK Token is an OpenID Connect ID Token extended to commit to a public key. Introduced by the OpenPubkey project (Linux Foundation, 2023). The extension is done client-side and does not require changes to the OIDC protocol or cooperation from the OpenID Provider (OP).

Why it exists

A vanilla OIDC ID Token carries identity claims (email, sub, iss) signed by the OP, but not the user's public key. This limits what protocols can do with the token — identity alone doesn't authenticate a session key, encrypt a message to the user, or serve as an SSH credential.

A PK Token carries identity and a public key, so one verifier check can answer both: "is this really Alice?" and "is this really Alice's key?".

Concrete meaning

"Google says alice@example.com is using public key 0x123."

An ID Token by itself could only say the first clause. A PK Token says both.

What it enables

  • SSH without long-lived keys (OPKSSH). The PK Token is packaged into an SSH certificate extension and rides the normal SSH handshake; the server's OpenPubkey verifier checks both identity and key.
  • End-to-end-encrypted messaging bound to verified identity (mentioned as motivation in the OpenPubkey project; not explored in the currently-ingested sources).
  • Signed commits bound to verified identity (mentioned as motivation; not explored here).

Verifier invariants when consuming a PK Token

  1. PK Token signature is valid against the OP's published JWKS.
  2. PK Token is unexpired.
  3. Identity claims are what the relying party expects.
  4. The public key in the PK Token is the public key actually being used for the session. This last one is the load- bearing one — without it, a stolen PK Token could be bound to an attacker's keypair. Canonical instance of patterns/identity-to-key-binding.

Seen in

Last updated · 200 distilled / 1,178 read