README
¶
ADEM Prototypes
This repository contains libraries and command line utilities that provide prototypes for An Authentic Digital Emblem (ADEM) as specified in https://adem-wg.github.io/adem-spec/. The prototypes are not fully specification compliant yet and will continue to evolve.
Prerequisites
All prototypes are written in the Go programming language.
To use them, you need to install go version 1.19 or higher.
After you have done so, you can clone this repository such that it is available on $GOPATH.
Usage
Packages provided by this go module are located in pkg and can be imported as github.com/adem-wg/adem-proto/pkg/....
Command line utilities can be executed by go run github.com/adem-wg/adem-proto/cmd/....
The utilities are documented and examples are provided in exm.
Acknowledgements
Work on this project was funded by the Werner Siemens-Stiftung (WSS). We thank the WSS for their generous support.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
ctcheck
This tool reads JSON from stdin, attempts to parse it as "log" claim of endorsements, and verifies that the given certificates are committed to the respective logs.
|
This tool reads JSON from stdin, attempts to parse it as "log" claim of endorsements, and verifies that the given certificates are committed to the respective logs. |
|
emblemcheck
This tool will read a number of newline seperated tokens in JWS compact serialization (see [RFC 7515]) and attempt to verify them as ADEM tokens.
|
This tool will read a number of newline seperated tokens in JWS compact serialization (see [RFC 7515]) and attempt to verify them as ADEM tokens. |
|
emblemgen
This tool generates and signs ADEM tokens (emblems and endorsements).
|
This tool generates and signs ADEM tokens (emblems and endorsements). |
|
emblemserver
This tool starts an emblem distribution server.
|
This tool starts an emblem distribution server. |
|
kid
This tool takes a public key as argument and calculates its KID using its canonical JSON representation and SHA256.
|
This tool takes a public key as argument and calculates its KID using its canonical JSON representation and SHA256. |
|
leafhash
This tool calculates a certificate's embedded SCTs leaf hashes such that they can be used in /ct/v1/get-proof-by-hash queries (see [RFC 6962]).
|
This tool calculates a certificate's embedded SCTs leaf hashes such that they can be used in /ct/v1/get-proof-by-hash queries (see [RFC 6962]). |
|
probe
This tool sends an empty UDP packet to a given port and waits for emblems on another specified port in response.
|
This tool sends an empty UDP packet to a given port and waits for emblems on another specified port in response. |
|
rootsetupcheck
This tool reads JSON from stdin, attempts to parse it as "log" claim of endorsements, and verifies that the given public key is correctly committed to the given OI in the logs.
|
This tool reads JSON from stdin, attempts to parse it as "log" claim of endorsements, and verifies that the given public key is correctly committed to the given OI in the logs. |
|
pkg
|
|
|
roots
This file implements the checking of root key commitments for the Certificate Transparency API in v1.
|
This file implements the checking of root key commitments for the Certificate Transparency API in v1. |