Digital signature micro-services
Go Python Other
Clone or download
jvehent Merge pull request #105 from mozilla-services/removeedge
Remove autograph-edge, moved to github.com/mozilla-services/autograh-edge
Latest commit 4f8034a Jul 2, 2018
Permalink
Failed to load latest commit information.
.circleci Implement a MAR signer that stores keys in an HSM Jun 22, 2018
docs doc: add links to crypto11 & pkcs11 pkg Jun 24, 2018
signer xpi: hash the cn into a dnsname in the EE cert Jun 27, 2018
tools Remove autograph-edge, moved to github.com/mozilla-services/autograph… Jul 2, 2018
vendor vendoring update Jun 22, 2018
.gitignore Cleanup of monitoring function Jun 16, 2017
.travis.yml Remove call to autograph-edge in travisci Jul 2, 2018
Dockerfile Add ltdl to Dockerfile for pkcs11 support Jun 23, 2018
LICENSE Initial commit Jan 5, 2016
Makefile Add MAR unit tests to Makefile Jun 22, 2018
README.md Add documentation Jun 23, 2018
authorize.go Make Hawk ts expiration configuration per authorization Jun 29, 2018
authorize_test.go Add unit test to check hawk skew failure Jun 29, 2018
autograph.encrypted.yaml Autograph 2.0: major refactoring Apr 19, 2017
autograph.softhsm.yaml Implement a MAR signer that stores keys in an HSM Jun 22, 2018
autograph.yaml Make Hawk ts expiration configuration per authorization Jun 29, 2018
context.go Fix request context handling Jun 13, 2017
errors.go use lowercase import path for logrus Aug 18, 2017
handlers.go autograph-edge: initial version Apr 11, 2018
handlers_test.go mar: add handler unit tests for /sign/data and /sign/file Jun 24, 2018
id.go Use 128bits random IDs, with tests Jan 20, 2016
id_test.go Use 128bits random IDs, with tests Jan 20, 2016
logging.go use lowercase import path for logrus Aug 18, 2017
main.go Make Hawk ts expiration configuration per authorization Jun 29, 2018
main_test.go Add tests for duplicate signer and auth IDs, fixes #53 Oct 4, 2017
middleware.go Fix request context handling Jun 13, 2017
monitor.go Add default timestamp skew to monitoring authorization Jun 29, 2018
monitor_test.go Implement a MAR signer that stores keys in an HSM Jun 22, 2018
version.json update local version Jun 1, 2018
version.sh Use version.json in /__version__ endpoint Sep 29, 2016

README.md

Autograph

Autograph is a cryptographic signature service that implements Content-Signature and other signing methods.

CircleCI Build Status Coverage Status

Why is it called "autograph"? Because it's a service to sign stuff.

Installation

Using Docker

docker pull mozilla/autograph && docker run mozilla/autograph

This will download the latest build of autograph from DockerHub and run it with its dev configuration.

Using go get

If you don't yet have a GOPATH, export one:

$ export GOPATH=$HOME/go
$ mkdir $GOPATH

Then download and build autograph:

$ go get go.mozilla.org/autograph

The resulting binary will be placed in $GOPATH/bin/autograph. To run autograph with the example conf, do:

$ cd $GOPATH/src/go.mozilla.org/autograph
$ $GOPATH/bin/autograph -c autograph.yaml

Example clients are in the tools directory. You can install the Go one like this:

$ go get go.mozilla.org/autograph/tools/autograph-client
$ $GOPATH/bin/autograph-client -u alice -p fs5wgcer9qj819kfptdlp8gm227ewxnzvsuj9ztycsx08hfhzu -t http://localhost:8000/sign/data -r '[{"input": "Y2FyaWJvdW1hdXJpY2UK"}]'
2016/08/23 17:25:55 signature 0 pass

Documentation

Signing

Autograph exposes a REST API that services can query to request signature of their data. Autograph knows which key should be used to sign the data of a service based on the service's authentication token. Access control and rate limiting are performed at that layer as well.

signing.png