Documentation
Index
Constants
This section is empty.
Variables
var Cmd = &cobra.Command{
	Use:   "certs",
	Short: "Generate and renew certificate chains for the SCION control plane PKI.",
	Long: `
'certs' can be used to generate and renew certificate chains for the SCION control plane PKI.

Selector:
	*-*
		All ISDs and ASes under the root directory.
	X-*
		All ASes in ISD X.
	X-Y
		A specific AS X-Y, e.g. AS 1-ff00:0:300.

'certs' needs to be pointed to the root directory where all keys and certificates are
stored on disk (-d flag). It expects the contents of the root directory to follow
a predefined structure:
	<root>/
		ISD1/
			isd.ini
			AS1/
				as.ini
				certs/
				keys/
			AS2/
			...
		ISD2/
			AS1/
			...
		...

as.ini contains the preconfigured parameters according to which 'certs' generates
the certificates. It follows the ini format and contains up to three sections:
"AS Certificate", "Issuer Certificate" (if also an issuer), "Key Algorithms" (if also a core).

The AS Certificate and Issuer Certificate sections can contain the following values:
	Issuer [required]
		string identifying the entity that signed the certificate. An AS is
		represented as a string ISD-AS (e.g., 1-ff00:0:300). This is only
		needed in the "AS Certificate" section.
	TRCVersion [required]
		integer representing the version of the TRC that the issuer used at the time of
		signing the certificate.
	Version [required]
		integer representing the version of the certificate.
	Comment [optional]
		arbitrary string used to describe the AS and certificate.
	Validity [required]
		the validity of the certificate as a duration string, e.g., 180d or 36h.
	IssuingTime (now) [optional]
		the time the certificate was issued as a UNIX timestamp.
	EncAlgorithm (curve25519xalsa20poly1305) [optional]
		cryptographic algorithm that must be used to encrypt/decrypt a message
		with the subject's public/private key.
	SignAlgorithm (ed25519) [optional]
		cryptographic algorithm that must be used to sign/verify a message with
		the subject's private/public key.

The Key Algorithms section can contain the following values:
	Online (ed25519) [optional]
		cryptographic algorithm that must be used as the signing algorithm for the online key.
	Offline (ed25519) [optional]
		cryptographic algorithm that must be used as the signing algorithm for the offline key.
`,
}
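As an added example (not code from the SCION project or this package), the following Go program reads an as.ini laid out as described in the help text above and enforces the documented rules: the [required] keys, the Issuer key being needed only in the "AS Certificate" section, the "AS Certificate" section itself being mandatory, and the duration syntax for Validity ("180d" or "36h", which time.ParseDuration alone does not accept). The minimal ini reader, the function names and the sample as.ini are assumptions made for the illustration; the optional keys (Comment, IssuingTime and the algorithm defaults) and the core-only Key Algorithms section are accepted but not interpreted.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// sampleASIni is a constructed as.ini for an issuer AS; it is not taken from the SCION repository.
const sampleASIni = `[AS Certificate]
Issuer = 1-ff00:0:300
TRCVersion = 1
Version = 1
Validity = 180d
[Issuer Certificate]
TRCVersion = 1
Version = 1
Validity = 365d
`

// CertSection is one parsed "AS Certificate" or "Issuer Certificate" section.
type CertSection struct {
	Issuer              string
	TRCVersion, Version uint64
	Validity            time.Duration
}

// parseINI is a minimal ini reader (sections, key = value, ';' comments), standing in for a real library.
func parseINI(data string) (map[string]map[string]string, error) {
	out, cur := map[string]map[string]string{}, map[string]string(nil)
	for _, raw := range strings.Split(data, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || line[0] == ';' {
			continue
		}
		if line[0] == '[' && strings.HasSuffix(line, "]") {
			cur = map[string]string{}
			out[strings.TrimSpace(line[1:len(line)-1])] = cur
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok || cur == nil {
			return nil, fmt.Errorf("malformed ini line %q", line)
		}
		cur[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return out, nil
}

// parseValidity accepts the "180d" day form from the help text as well as any time.ParseDuration string ("36h").
func parseValidity(s string) (time.Duration, error) {
	if n, err := strconv.Atoi(strings.TrimSuffix(s, "d")); err == nil && n > 0 && strings.HasSuffix(s, "d") {
		return time.Duration(n) * 24 * time.Hour, nil // days are not a Go duration unit
	}
	d, err := time.ParseDuration(s)
	if err != nil || d <= 0 {
		return 0, fmt.Errorf("invalid validity %q", s)
	}
	return d, nil
}

// parseCertSection enforces the [required] keys; Issuer is only required in "AS Certificate".
func parseCertSection(kv map[string]string, needIssuer bool) (c CertSection, err error) {
	if c.Issuer = kv["Issuer"]; needIssuer && c.Issuer == "" {
		return c, fmt.Errorf("Issuer [required] is missing")
	}
	if c.TRCVersion, err = strconv.ParseUint(kv["TRCVersion"], 10, 64); err != nil {
		return c, fmt.Errorf("TRCVersion [required]: %w", err)
	}
	if c.Version, err = strconv.ParseUint(kv["Version"], 10, 64); err != nil {
		return c, fmt.Errorf("Version [required]: %w", err)
	}
	if c.Validity, err = parseValidity(kv["Validity"]); err != nil {
		return c, fmt.Errorf("Validity [required]: %w", err)
	}
	return c, nil
}

// ParseASConfig applies the section rules from the help text: "AS Certificate" is mandatory,
// "Issuer Certificate" only exists for issuers; the core-only "Key Algorithms" section is ignored here.
func ParseASConfig(data string) (map[string]CertSection, error) {
	sec, err := parseINI(data)
	if err != nil {
		return nil, err
	}
	if sec["AS Certificate"] == nil {
		return nil, fmt.Errorf(`missing "AS Certificate" section`)
	}
	certs := map[string]CertSection{}
	for _, name := range []string{"AS Certificate", "Issuer Certificate"} {
		if kv := sec[name]; kv != nil {
			if certs[name], err = parseCertSection(kv, name == "AS Certificate"); err != nil {
				return nil, fmt.Errorf("%s: %w", name, err)
			}
		}
	}
	return certs, nil
}
```

Calling ParseASConfig(sampleASIni) returns both sections with Validity converted to 180 and 365 days; dropping the Issuer line from the "AS Certificate" section, or writing Validity as "0d", "-3d" or a non-duration string, is rejected before anything would be signed.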
Functions
This section is empty.
Types
This section is empty.