ca

command module
v0.0.0-...-ebee8aa Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2014 License: Apache-2.0 Imports: 4 Imported by: 0

README

etcd-ca

A simple certificate manager written in Go. Easy to use with limited capability.

Build Status

Common Uses

etcd-ca allows you to build your own certificate system:

  1. Create certificate authority
  2. Create, issue and export host certificates
  3. Manage host identities
  4. Deploy a Public Key Infrastructure

Primarly used for coreos/etcd SSL/TLS testing.

Certificate architecture

etcd-ca inits a certificate authority, and issues certificates using the authority only. It indicates the length of authorization path is at most 2.

Examples

Create a new certificate authority:
$ ./etcd-ca init
Created ca/key
Created ca/crt
Create a new host identity, including keypair and certificate request:
$ ./etcd-ca new-cert alice
Created alice/key
Created alice/csr

etcd-ca uses 127.0.0.1 for IP SAN in default. If etcd has peer address $etcd_ip other than 127.0.0.1, run ./etcd-ca new-cert --ip $etcd_ip alice instead.

Sign certificate request of host and generate the certificate:
$ ./etcd-ca sign alice
Created alice/crt from alice/csr signed by ca.key
Export the certificate chain for host:
$ ./etcd-ca chain alice
----BEGIN CERTIFICATE-----
CA certificate body
-----END CERTIFICATE-----
----BEGIN CERTIFICATE-----
alice certificate body
-----END CERTIFICATE-----
Package up the certificate and key of host:
$ ./etcd-ca export alice > alice.tar

Because etcd takes unencrypted key for -key-file and -peer-key-file, you should use ./etcd-ca export --insecure alice > alice.tar to export private key.

List the status of all certificates:
$ ./etcd-ca status
ca: WARN (60 days until expiration)
alice: OK (120 days until expiration)
bob: Unsigned

Getting Started

Building

You can build etcd-ca from source:

$ git clone https://github.com/coreos/etcd-ca
$ cd etcd-ca
$ ./build

This will generate a binary called ./bin/etcd-ca

Project Details

Contributing

See CONTRIBUTING for details on submitting patches and contacting developers via IRC and mailing lists.

License

fleet is under the Apache 2.0 license. See the LICENSE file for details.

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
third_party
code.google.com/p/go.crypto/bcrypt
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
code.google.com/p/go.crypto/blowfish
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
code.google.com/p/go.crypto/bn256
Package bn256 implements a particular bilinear group at the 128-bit security level.
Package bn256 implements a particular bilinear group at the 128-bit security level.
code.google.com/p/go.crypto/cast5
Package cast5 implements CAST5, as defined in RFC 2144.
Package cast5 implements CAST5, as defined in RFC 2144.
code.google.com/p/go.crypto/curve25519
Package curve25519 provides an implementation of scalar multiplication on the elliptic curve known as curve25519.
Package curve25519 provides an implementation of scalar multiplication on the elliptic curve known as curve25519.
code.google.com/p/go.crypto/hkdf
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869.
code.google.com/p/go.crypto/md4
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
code.google.com/p/go.crypto/nacl/box
Package box authenticates and encrypts messages using public-key cryptography.
Package box authenticates and encrypts messages using public-key cryptography.
code.google.com/p/go.crypto/nacl/secretbox
Package secretbox encrypts and authenticates small messages.
Package secretbox encrypts and authenticates small messages.
code.google.com/p/go.crypto/ocsp
Package ocsp parses OCSP responses as specified in RFC 2560.
Package ocsp parses OCSP responses as specified in RFC 2560.
code.google.com/p/go.crypto/openpgp
Package openpgp implements high level operations on OpenPGP messages.
Package openpgp implements high level operations on OpenPGP messages.
code.google.com/p/go.crypto/openpgp/armor
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
Package armor implements OpenPGP ASCII Armor, see RFC 4880.
code.google.com/p/go.crypto/openpgp/clearsign
Package clearsign generates and processes OpenPGP, clear-signed data.
Package clearsign generates and processes OpenPGP, clear-signed data.
code.google.com/p/go.crypto/openpgp/elgamal
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
code.google.com/p/go.crypto/openpgp/errors
Package errors contains common error types for the OpenPGP packages.
Package errors contains common error types for the OpenPGP packages.
code.google.com/p/go.crypto/openpgp/packet
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
code.google.com/p/go.crypto/openpgp/s2k
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
code.google.com/p/go.crypto/otr
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
Package otr implements the Off The Record protocol as specified in http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
code.google.com/p/go.crypto/pbkdf2
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
code.google.com/p/go.crypto/poly1305
Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf.
Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf.
code.google.com/p/go.crypto/ripemd160
Package ripemd160 implements the RIPEMD-160 hash algorithm.
Package ripemd160 implements the RIPEMD-160 hash algorithm.
code.google.com/p/go.crypto/salsa20
Package salsa20 implements the Salsa20 stream cipher as specified in http://cr.yp.to/snuffle/spec.pdf.
Package salsa20 implements the Salsa20 stream cipher as specified in http://cr.yp.to/snuffle/spec.pdf.
code.google.com/p/go.crypto/salsa20/salsa
Package salsa provides low-level access to functions in the Salsa family.
Package salsa provides low-level access to functions in the Salsa family.
code.google.com/p/go.crypto/scrypt
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf).
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf).
code.google.com/p/go.crypto/sha3
Package sha3 implements the SHA3 hash algorithm (formerly called Keccak) chosen by NIST in 2012.
Package sha3 implements the SHA3 hash algorithm (formerly called Keccak) chosen by NIST in 2012.
code.google.com/p/go.crypto/ssh
Package ssh implements an SSH client and server.
Package ssh implements an SSH client and server.
code.google.com/p/go.crypto/ssh/terminal
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
code.google.com/p/go.crypto/ssh/test
This package contains integration tests for the code.google.com/p/go.crypto/ssh package.
This package contains integration tests for the code.google.com/p/go.crypto/ssh package.
code.google.com/p/go.crypto/twofish
Package twofish implements Bruce Schneier's Twofish encryption algorithm.
Package twofish implements Bruce Schneier's Twofish encryption algorithm.
code.google.com/p/go.crypto/xtea
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions."
Package xtea implements XTEA encryption, as defined in Needham and Wheeler's 1997 technical report, "Tea extensions."
code.google.com/p/go.crypto/xts
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
Package xts implements the XTS cipher mode as specified in IEEE P1619/D16.
github.com/codegangsta/cli
Package cli provides a minimal framework for creating and organizing command line Go applications.
Package cli provides a minimal framework for creating and organizing command line Go applications.
github.com/jstemmer/pkcs10
Package pkcs10 parses and creates PKCS#10 certificate signing requests, as specified in RFC 2986.
Package pkcs10 parses and creates PKCS#10 certificate signing requests, as specified in RFC 2986.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL