certs

package
v0.4.0
Published: Nov 14, 2019 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var Cmd = &cobra.Command{
	Use:   "certs",
	Short: "Generate and renew certificate chains for the SCION control plane PKI.",
	Long: `
'certs' can be used to generate and renew certificate chains for the SCION control plane PKI.

Selector:
	*-*
		All ISDs and ASes under the root directory.
	X-*
		All ASes in ISD X.
	X-Y
		A specific AS X-Y, e.g. AS 1-ff00:0:300

'certs' needs to be pointed to the root directory where all keys and certificates are
stored on disk (-d flag). It expects the contents of the root directory to follow
a predefined structure:
	<root>/
		ISD1/
			isd.ini
			AS1/
				as.ini
				certs/
				keys/
			AS2/
			...
		ISD2/
			AS1/
			...
		...

as.ini contains the preconfigured parameters according to which 'certs' generates
the certificates. It follows the ini format and contains up to three sections:
"AS Certificate", "Issuer Certificate" (if also an issuer), "Key Algorithms" (if also a core).
The AS Certificate and Issuer Certificate sections can contain the following values:
	Issuer [required]
		string identifying the entity that signed the certificate. An AS is
		represented as a string ISD-AS (e.g., 1-ff00:0:300). This is only
		needed in the "AS Certificate" section.
	TRCVersion [required]
		integer representing the version of TRC that the issuer used at the time of
		signing the certificate.
	Version [required]
		integer representing the version of the certificate
	Comment [optional]
		arbitrary string used to describe the AS and certificate
	Validity [required]
		the validity of the certificate as a duration string, e.g., 180d or 36h
	IssuingTime (now) [optional]
		the time the certificate was issued as a UNIX timestamp
	EncAlgorithm (curve25519xalsa20poly1305) [optional]
		cryptographic algorithm that must be used to encrypt/decrypt a message
		with the subject’s public/private key
	SignAlgorithm (ed25519) [optional]
		cryptographic algorithm that must be used to sign/verify a message with
		the subject’s private/public key.
The Key Algorithms section that can contain following values
	Online (ed25519) [optional]
		cryptographic algorithm that must be used as signing algorithm by online key
	Offline (ed25519) [optional]
		cryptographic algorithm that must be used as signing algorithm by offline key
`,
}
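As an added example (not code from this package), the snippet below shows how the "AS Certificate" parameters described in the help text above can be checked before anything is signed: the required keys must be present, Validity uses the 180d/36h duration syntax (which Go's time.ParseDuration alone rejects), and IssuingTime is a UNIX timestamp defaulting to now. The sample section and the function names certWindow and parseValidity are constructed for this illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Constructed "AS Certificate" section; IssuingTime is omitted to exercise its default (now).
var sampleSection = map[string]string{
	"Issuer":     "1-ff00:0:110",
	"TRCVersion": "1",
	"Version":    "1",
	"Validity":   "180d",
}

// parseValidity accepts time.ParseDuration syntax (36h) plus the as.ini day suffix (180d).
func parseValidity(s string) (time.Duration, error) {
	if strings.HasSuffix(s, "d") {
		days, err := strconv.Atoi(strings.TrimSuffix(s, "d"))
		if err != nil || days <= 0 {
			return 0, fmt.Errorf("invalid validity %q", s)
		}
		return time.Duration(days) * 24 * time.Hour, nil
	}
	return time.ParseDuration(s)
}

// certWindow rejects a section missing a required key, then returns the window
// from IssuingTime (UNIX timestamp, default now) to IssuingTime + Validity.
func certWindow(sec map[string]string, now time.Time) (from, until time.Time, err error) {
	for _, k := range []string{"Issuer", "TRCVersion", "Version", "Validity"} {
		if sec[k] == "" {
			return from, until, fmt.Errorf("%s is required", k)
		}
	}
	from = now.UTC()
	if v := sec["IssuingTime"]; v != "" {
		ts, perr := strconv.ParseInt(v, 10, 64)
		if perr != nil {
			return from, until, fmt.Errorf("IssuingTime: %w", perr)
		}
		from = time.Unix(ts, 0).UTC()
	}
	d, err := parseValidity(sec["Validity"])
	return from, from.Add(d), err
}

func main() { fmt.Println(certWindow(sampleSection, time.Now())) }
```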

Functions

This section is empty.

Types

This section is empty.
