This is a tiny Golang keyserver stub provided for testing the E2E extension.
I don't anticipate pushing much new code to this branch myself; but I'd happily accept pull requests to make this actually useful (and provide, like, actual security properties).
Before you even think about deploying this accessible on anything but localhost, you MUST do something like
ag 'FIXME|OSS' --go -C4
read the comments, and fix the FIXMEs.
If you want to deploy this in a realistic environment, you may want to privilege-separate the key authority. PRs to support using cloud HSMs would be accepted.
Note: DO NOT deploy this in production using Go 1.4, unless you incorporate the broken-random-safe ECDSA patch here
(It's called keyshop because I have a low opinion of certificate authorities, which this essentially is.)
Install an official tarball or use your platform-of-choice's package manager. Or do the right thing, and build Go from source.
Just run:
go get github.com/yahoo/keyshop/ks/cmd/...
and you'll have three new Go binaries in your $GOPATH/bin
. If
you are Yahoo-internal, you probably want to clone this repo to
its import path. E.g.:
git clone $PARANOIDS_GIT/keyshop-oss.git \
${GOPATH}/src/github.com/yahoo/keyshop
Add ${GOPATH}/bin
to your path and
cd ${GOPATH}/src/github.com/yahoo/keyshop
genkauth
./scripts/mktls.sh
ks -alsologtostderr -v 4 -log_dir ./data/logs
Well, despite the disclaimer above, I probably will:
- Add an API spec in some format that can be pretty-printed.
- Add sanitized test data.
- Clean up and release the API conformance-test driver (which would then, effectively, be an implementation of a client in Python).