pkid

command module
v0.1.0
Published: Jan 11, 2017 License: MIT Imports: 5 Imported by: 0

README

pkid

A service for managing public key infrastructures via a RESTful interface.

Features

  • Manage multiple root CAs
  • Create signed sub-CAs
  • Create signed server certificates
  • Create signed client certificates
  • RSA or ECC keys
  • Revoke sub-CAs, clients or servers
  • Automatically create CRLs
  • Choosable storage layers
    • leveldb
    • raw filesystem
    • more coming soon...
  • Can be built completely statically, with no dependencies on OpenSSL etc.
  • Should run on Linux, Mac and Windows

Installation

> go get github.com/trusch/pkid
> pkid --storage leveldb:///usr/share/pkid --listen 0.0.0.0:80

API

Create Certificates

These endpoints are used to create keys and issue certificates.

Options for all following endpoints are:

  • name: string (required)
  • curve: string (optional, default: P521)
    • valid values: P521, P384, P256, P224
  • rsaBits: int (optional)
    • valid values: 4096, 2048, 1024
  • notBefore: int (optional, seconds since the epoch, defaults to the current time)
  • validFor: string (optional, example: 12h30m, defaults to 8760h, i.e. 1 year)

Create root CA (self-signed)
  • Request: POST /ca?name=my-ca-name
  • Response: {uuid}
Create Sub CA
  • Request: POST /ca/{root-uuid}/ca?name=my-sub-ca
  • Response: {uuid}
Create Client
  • Request: POST /ca/{root-uuid}/client?name=my-client
  • Response: {uuid}
Create Server
  • Request: POST /ca/{root-uuid}/server?name=my-server
  • Response: {uuid}

Get Certificates/Keys

These endpoints are used to retrieve generated certificates and keys.

Get CA Certificate
  • Request: GET /ca/{root-uuid}/cert
  • Response: {pem certificate data}
Get CA Key
  • Request: GET /ca/{root-uuid}/key
  • Response: {pem key data}
Get Client Certificate
  • Request: GET /ca/{root-uuid}/client/{uuid}/cert
  • Response: {pem certificate data}
Get Client Key
  • Request: GET /ca/{root-uuid}/client/{uuid}/key
  • Response: {pem key data}

Revoke Certificates

These endpoints can be used to revoke certificates and get the resulting CRL.

Revoke a CA
  • Request: POST /ca/{root-uuid}/ca/{uuid}/revoke
  • Response: "revoked"
Revoke a Server
  • Request: POST /ca/{root-uuid}/server/{uuid}/revoke
  • Response: "revoked"
Revoke a Client
  • Request: POST /ca/{root-uuid}/client/{uuid}/revoke
  • Response: "revoked"
Get Certificate Revocation List (CRL)
  • Request: GET /ca/{root-uuid}/crl
  • Response: {pem crl data}
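
A client that consumes the CRL endpoint should check that the CRL is signed by the CA it was requested for and is still current before trusting its contents. The following is an added example, not part of pkid: it assumes the cert and crl endpoints return PEM-encoded X.509 data, uses an in-process throwaway CA and CRL as constructed stand-ins for those responses, and needs Go 1.21 or later. `IsRevoked` and `sample` are hypothetical names.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// IsRevoked verifies the CRL's signature and freshness against the CA, then looks up serial.
func IsRevoked(caPEM, crlPEM []byte, serial *big.Int, now time.Time) (bool, error) {
	cb, _ := pem.Decode(caPEM)
	rb, _ := pem.Decode(crlPEM)
	if cb == nil || rb == nil {
		return false, fmt.Errorf("input is not PEM")
	}
	ca, caErr := x509.ParseCertificate(cb.Bytes)
	crl, crlErr := x509.ParseRevocationList(rb.Bytes)
	if caErr != nil || crlErr != nil {
		return false, fmt.Errorf("parse failed: ca=%v crl=%v", caErr, crlErr)
	}
	if err := crl.CheckSignatureFrom(ca); err != nil || now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL rejected: signature=%v nextUpdate=%s", err, crl.NextUpdate)
	}
	return slices.ContainsFunc(crl.RevokedCertificateEntries, func(e x509.RevocationListEntry) bool {
		return e.SerialNumber.Cmp(serial) == 0
	}), nil
}

// sample builds a constructed throwaway CA and a CRL revoking serial 5 (stand-ins for pkid output).
func sample(now time.Time) (caPEM, crlPEM []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	ca, _ := x509.ParseCertificate(der)
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: big.NewInt(5), RevocationTime: now}}}
	crl, _ := x509.CreateRevocationList(rand.Reader, rl, ca, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "X509 CRL", Bytes: crl})
}

func main() {
	ca, crl := sample(time.Now())
	fmt.Println(IsRevoked(ca, crl, big.NewInt(5), time.Now())) // true <nil>
}
```

The check is independent of the key type, so it applies equally to the RSA and ECC keys pkid can issue.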

Info about CA

These endpoints can be used to gather information about a specific CA.

Get CA info
  • Request: GET /ca/{root-uuid}
  • Response:
  {
    "Entity": {
      "ID": "{uuid}",
      "Name": "my-ca",
      "IsRevoked": false
    },
    "Revoked": [2,5,6],
    "CAs": {
      "{uuid}": "my-sub-ca"
    },
    "Clients": {
      "{uuid}": "my-client"
    },
    "Servers": {
      "{uuid}": "my-server"
    }
  }
List sub-CAs
  • Request: GET /ca/{root-uuid}/ca
  • Response:
  {
    "{uuid}": "my-sub-ca"
  }
List clients
  • Request: GET /ca/{root-uuid}/client
  • Response:
  {
    "{uuid}": "my-client"
  }
List servers
  • Request: GET /ca/{root-uuid}/server
  • Response:
  {
    "{uuid}": "my-server"
  }
