Ockam v0.81.0

@github-actions github-actions released this 24 Feb 05:23
ockam_v0.81.0
fe79c13

Add end-to-end encryption to any client and server application

As something to try with this new release, let's build a solution for a very common secure communication topology that applies to many real-world use cases. We'll build our first example using Ockam Command, but it is just as easy to build end-to-end trustful communication using Ockam Programming Libraries.

An application service and an application client running in two private networks wish to securely communicate with each other without exposing ports on the Internet. In a few simple commands, we’ll make them safely talk to each other through an End-to-End Encrypted Cloud Relay.

Install Ockam Command

If you use Homebrew, you can install Ockam using brew.

# Tap and install Ockam Command
brew install build-trust/ockam/ockam

This will download a precompiled binary and add it to your path. If you don’t
use Homebrew, you can also install on Linux and macOS systems using curl.

curl --proto '=https' --tlsv1.2 -sSf \
    https://raw.githubusercontent.com/build-trust/ockam/develop/install.sh | sh

After the binary downloads, move it to a location that is in your
shell's $PATH:

mv ockam /usr/local/bin

End-to-end encrypted and mutually authenticated communication

Next, step through the following commands to set up secure and private
communication between our application service and an application client.

# Check that everything was installed correctly by enrolling with Ockam Orchestrator.
#
# This will create a Space and Project for you in Ockam Orchestrator and provision an
# End-to-End Encrypted Cloud Relay service in your `default` project at `/project/default`.
ockam enroll
ockam project information --output json > default-project.json

# -- APPLICATION SERVICE --

# Start an application service, listening on a local ip and port, that clients would access
# through the cloud encrypted relay. We'll use a simple http server for this first example but
# this could be any other application service.
python3 -m http.server --bind 127.0.0.1 5000

# In a new terminal window, set up an ockam node, called `s`, as a sidecar next to the
# application service. Then create a tcp outlet, on the `s` node, to send raw tcp traffic to the
# service. Finally create a forwarder in your default Orchestrator project.
ockam node create s --project default-project.json
ockam tcp-outlet create --at /node/s --from /service/outlet --to 127.0.0.1:5000
ockam forwarder create s --at /project/default --to /node/s

# -- APPLICATION CLIENT --

# Set up an ockam node, called `c`, as a sidecar next to our application client. Then create an
# end-to-end encrypted secure channel with s, through the cloud relay. Finally, tunnel traffic
# from a local tcp inlet through this end-to-end secure channel.
ockam node create c --project default-project.json
ockam secure-channel create --from /node/c --to /project/default/service/forward_to_s/service/api \
  | ockam tcp-inlet create --at /node/c --from 127.0.0.1:7000 --to -/service/outlet

# Access the application service, that may be in a remote private network through the end-to-end
# encrypted secure channel, via your private and encrypted cloud relay.
curl --head 127.0.0.1:7000

To learn more, check out docs.ockam.io

Homebrew

To install this release using Homebrew:

$ brew install build-trust/ockam/ockam

Precompiled Binaries

# download sha256sums.txt
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.81.0/sha256sums.txt

# download sha256sums.txt.sig
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.81.0/sha256sums.txt.sig

# download our release public key
curl --proto '=https' --tlsv1.2 -sSfL -o ockam.pub \
  https://raw.githubusercontent.com/build-trust/ockam/develop/tools/docker/cosign.pub

# verify signatures
cosign verify-blob --key ockam.pub --signature sha256sums.txt.sig sha256sums.txt

# download ockam command binary for your architecture
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.81.0/ockam.x86_64-unknown-linux-gnu

# verify that the sha256 hash of the downloaded binary is the same as
# the corresponding hash mentioned in sha256sums.txt
cat sha256sums.txt | grep ockam.x86_64-unknown-linux-gnu | sha256sum -c

# rename the download binary and give it permission to execute
mv ockam.x86_64-unknown-linux-gnu ockam
chmod u+x ockam
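
The hash check from the steps above, written as a fail-closed function. This is an added example, not part of the Ockam release notes or the project's tooling. It assumes sha256sums.txt has already passed the `cosign verify-blob` step; `verify_artifact`, `demo` and the demo files are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check of one artifact against sha256sums.txt.
# Assumption: sha256sums.txt has already passed `cosign verify-blob`.

# verify_artifact SUMS_FILE ARTIFACT   (hypothetical helper name)
# 0 = hash matches; 1 = hash mismatch; 2 = a file is missing;
# 3 = SUMS_FILE has no entry, or more than one, for exactly this file name.
verify_artifact() {
    sums_file=$1
    artifact=$2
    name=$(basename "$artifact")

    [ -f "$sums_file" ] && [ -f "$artifact" ] || return 2

    # Literal comparison on the file-name field, so an entry whose name merely
    # contains the artifact name cannot satisfy the check. The optional "*"
    # binary-mode marker is stripped. The hash is printed only when exactly
    # one entry matches.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { h = $1; c++ }
        END { if (c == 1) print h }' "$sums_file")
    [ -n "$expected" ] || return 3

    actual=$(sha256sum "$artifact" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Constructed demo data in a temp directory (not real Ockam release files).
demo() {
    d=$(mktemp -d) || return 1
    f="$d/ockam.x86_64-unknown-linux-gnu"
    printf 'constructed payload\n' > "$f"
    (cd "$d" && sha256sum "$(basename "$f")" > sha256sums.txt)
    intact=0;   verify_artifact "$d/sha256sums.txt" "$f" || intact=$?
    printf 'extra bytes\n' >> "$f"          # simulate a modified download
    tampered=0; verify_artifact "$d/sha256sums.txt" "$f" || tampered=$?
    rm -rf "$d"
    echo "intact=$intact tampered=$tampered"
}
demo
```

Call it as `verify_artifact sha256sums.txt ockam.x86_64-unknown-linux-gnu` and run `chmod u+x` only when it returns 0.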

Rust Crates

To use Ockam as a Rust library, run the following command within your project directory:

cargo add ockam@0.81.0

The following crates were published as part of this release:

Contributors

The following people contributed to this release, thank you all 🥳

@adrianbenavides @BeenzSyed @caoakleyii @davide-baldo @etorreborre @glenngillen @hairyhum @mattgreg @metaclips @mrinalwadhwa @mszpakowski @polvorin @SanjoDeundiak
@p-gentili @waqasraz @Jackbaude @phillyphil91

New Contributors

@p-gentili @waqasraz @Jackbaude contributed for the first time 🥳

Full Changelog

ockam_v0.80.0...ockam_v0.81.0