Maven Central Adds Sigstore Signature Validation

Sonatype recently announced that the Maven Central Publisher Portal now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages. While not required for publishing, this update improves trust in published artifacts by ensuring that signed packages can be cryptographically validated at the time of publishing.

What This Change Means for Java Developers#

With this update, developers publishing Java packages to Maven Central can now include Sigstore signatures (.sigstore.json files) alongside their artifacts. The Central Publisher Portal will validate these signatures, providing warnings if verification fails.

• Sigstore signing is optional. Publishers are not required to sign packages with Sigstore at this time.
• Invalid Sigstore signatures will eventually block publishing, but missing signatures will not.
• PGP signatures remain the standard, and there are no immediate plans to replace them.

For package consumers, this means Sigstore signatures can be used to verify package provenance, but they will exist alongside traditional PGP signatures for the foreseeable future.

Maven Central’s announcement states that they “have no intention of replacing PGP signatures” with Sigstore signatures, as the PGP standards has served the repository well over the years but will consider replacing it in the future depending on adoption:

We are monitoring adoption of Sigstore and may eventually make both Sigstore and PGP signatures required for publishing. If the community adopts Sigstore, there is a possible future where it replaces PGP as the required signature standard for Maven Central. What we can guarantee is that there will always be a way to cryptographically verify components that are downloaded from Maven Central.

Why Sigstore?#

Sigstore is designed to simplify the cryptographic signing process while maintaining strong security guarantees. It eliminates the need for long-lived private keys by using keyless signing, where ephemeral signing keys are tied to a developer’s identity provider (such as GitHub, Google, or Microsoft). This makes signing easier to adopt and verify compared to traditional PGP.

Maven Central’s validation ensures that if a publisher chooses to provide Sigstore signatures, consumers can verify them with confidence, avoiding issues like misconfigured or improperly formatted signatures.

What Signing Is—And What It Isn’t#

Cryptographic signatures play an important role in securing the software supply chain, but they do not guarantee that code is safe.

A signed package tells you who published it and that it wasn’t tampered with after signing, but it does not prevent an attacker from injecting malicious code before a package is signed. The recent Ultralytics supply chain attack demonstrated this risk—malicious code was introduced into a signed and published package due to a compromised CI/CD cache. The fact that the package was signed did not prevent or even help detect the attack.

This highlights why signing should be part of a layered security strategy that includes:

• Dependency scanning to detect malicious or vulnerable code.
• Behavioral analysis to identify suspicious activity.
• Build integrity checks to ensure artifacts match source code.

Expanding Support for Cryptographic Signing Across Ecosystems#

The introduction of Sigstore validation in Maven Central reflects a broader industry shift toward stronger package provenance and verifiable software supply chains. Across ecosystems, package signing is becoming more widely adopted:

• PyPI has recently introduced digital attestations as part of its Trusted Publishing framework, leveraging Sigstore’s keyless signing to provide publicly verifiable proof of a package’s origin. This modern approach makes it easier to ensure that published packages come from an authenticated source without the complexity of managing long-lived cryptographic keys.
• In 2023, npm introduced provenance capabilities that that allow publishers to link releases back to their build environments, improving transparency and traceability.

Maven Central’s adoption of Sigstore validation signals continued momentum for more standardized, automated, and scalable package provenance. While PGP remains the default in Java, the increasing adoption of Sigstore could eventually lead to a shift in signing standards across the Java ecosystem.

For developers, this is a good time to explore how signing fits into a broader security strategy, not as a replacement for other security measures, but as an additional tool to help verify trust in open source dependencies.