Skip to content

eozturk1/keytransparency

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,238 Commits

cmd

cmd

 
 

core

core

 
 

deploy

deploy

 
 

docs

docs

 
 

impl

impl

 
 

integration

integration

 
 

scripts

scripts

 
 

testdata

testdata

 
 

vendor

vendor

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.keytransparency.yaml

.keytransparency.yaml

 
 

.travis.yml

.travis.yml

 
 

AUTHORS

AUTHORS

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

CONTRIBUTORS

CONTRIBUTORS

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

coverage.sh

coverage.sh

 
 

docker-compose.yml

docker-compose.yml

 
 

metalinter.json

metalinter.json

 
 

travis_secrets.tar.gz.enc

travis_secrets.tar.gz.enc

 
 

Repository files navigation

Key Transparency

Build Status Go Report Card GoDoc

Key Transparency Logo

Key Transparency provides a lookup service for generic records and a public, tamper-proof audit log of all record changes. While being publicly auditable, individual records are only revealed in response to queries for specific IDs.

Key Transparency can be used as a public key discovery service to authenticate users and provides a mechanism to keep the service accountable. It can be used by account owners to reliably see what keys have been associated with their account, and it can be used by senders to see how long an account has been active and stable before trusting it.

Key Transparency is inspired by CONIKS and Certificate Transparency. It is a work-in-progress with the following milestones under development.

Key Transparency Client

Setup

  1. Install Go 1.7.
  2. go get -u github.com/google/keytransparency/cmd/keytransparency-client
  3. Get an OAuth client ID and download the generated JSON file to client_secret.json.

Client operations

Publish a public key

keytransparency-client authorized-keys --help 
keytransparency-client authorized-keys add --generate --type=ecdsa --activate
keytransparency-client post user@domain.com app1 --client-secret=client_secret.json --insecure -d 'dGVzdA==' #Base64

Get and verify a public key

keytransparency-client get <email> <app> --insecure --verbose
✓ Commitment verified.
✓ VRF verified.
✓ Sparse tree proof verified.
✓ Signed Map Head signature verified.
CT ✓ STH signature verified.
CT ✓ Consistency proof verified.
CT   New trusted STH: 2016-09-12 15:31:19.547 -0700 PDT
CT ✓ SCT signature verified. Saving SCT for future inclusion proof verification.
✓ Signed Map Head CT inclusion proof verified.
keys:<key:"app1" value:"test" >

Verify key history

keytransparency-client history <email> --insecure
Epoch |Timestamp                    |Profile
4     |Mon Sep 12 22:23:54 UTC 2016 |keys:<key:"app1" value:"test" >

Running the server

Install

  1. OpenSSL
  2. Docker
    • Docker Engine 1.13.0+ docker version -f '{{.Server.APIVersion}}'
    • Docker Compose 1.11.0+ docker-compose --version
  3. go get -u github.com/google/keytransparency/...
  4. go get -u github.com/google/trillian/...
  5. ./scripts/prepare_server.sh -f

Run

  1. Start Trillian
$ docker-compose up -d trillian-map trillian-log
Creating keytransparency_db_1
Creating  keytransparency_trillian-map_1
Creating  keytransparency_trillian-log_1
  1. Provision a log and a map
source scripts/configure_trillian.sh && createLog && createMap
  1. Run Key Transparency

About

A transparent and secure way to look up public keys.

security.googleblog.com/2017/01/security-through-transparency.html

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 90.5%
  • Protocol Buffer 5.8%
  • Shell 3.3%
  • Makefile 0.4%