Multi admin example
Fraser Scott edited this page Mar 19, 2015 · 11 revisions
Inviting an admin is a 4-step process:
- Alice creates an invite for Bob
- Bob creates his admin entity and secures it using the invite key
- Alice verifies Bob's entity, then encrypts the Org for Bob's entity and encrypts the Org's public keys using the invite key
- Bob verifies and decrypts the Org's public keys and can now use the Org
In summary, the commands run are:
alice@precise64:~/test-org$ pki.io admin invite bob
bob@precise64:~/test-org$ pki.io admin new bob --invite-id 52a3758d43daec04b9f404f15d8d21b8 --invite-key c868390c3cc04f4f9d57ad904cccce11
alice@precise64:~/test-org$ pki.io admin run
bob@precise64:~/test-org$ pki.io admin complete bob --invite-id 52a3758d43daec04b9f404f15d8d21b8 --invite-key c868390c3cc04f4f9d57ad904cccce11
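A simplified model of how the shared invite key protects steps 2 to 4 while the data travels through a repository both admins can write to. This is an added example, not pki.io's own code: the AES-256-GCM construction, the SHA-256 key derivation and the use of the invite ID as associated data are assumptions, and the payload is constructed; the invite ID and key are the ones shown above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Invite ID and key as printed by `pki.io admin invite bob` on this page.
const inviteID, inviteKey = "52a3758d43daec04b9f404f15d8d21b8", "c868390c3cc04f4f9d57ad904cccce11"

// aead derives an AES-256-GCM cipher from the invite key (assumed KDF: SHA-256).
func aead(secret string) cipher.AEAD {
	key := sha256.Sum256([]byte(secret))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	g, _ := cipher.NewGCM(block)      // cannot fail for an AES block
	return g
}

// Seal encrypts payload under the invite key and binds it to the invite ID.
func Seal(key, id string, payload []byte) ([]byte, error) {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, payload, []byte(id)), nil
}

// Open verifies, then decrypts; a changed container, key or ID is an error.
func Open(key, id string, blob []byte) ([]byte, error) {
	g := aead(key)
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("container too short")
	}
	return g.Open(nil, blob[:n], blob[n:], []byte(id))
}

func main() {
	c, err := Seal(inviteKey, inviteID, []byte("bob public entity (constructed)"))
	fmt.Println("seal error:", err)
	_, err = Open(inviteKey, "not-the-invite-id", c)
	fmt.Println("open with wrong invite ID:", err)
}
```

In this model, only someone holding the invite key can produce a container that `Open` accepts, which is why the invite ID and key are handed over on a trusted channel rather than through the repository.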
This example page uses git to share data between Alice and Bob.
alice@precise64:~$ cd /data/git
alice@precise64:/data/git$ mkdir test-org
alice@precise64:/data/git$ chown -R alice:git test-org
alice@precise64:/data/git$ chmod -R g+s test-org
alice@precise64:/data/git$ cd test-org
alice@precise64:/data/git/test-org$ git --bare init
Initialized empty Git repository in /data/git/test-org/
alice@precise64:/data/git/test-org$ cd
alice@precise64:~$ pki.io init test-org
Creating Admin entity
Generating admin keys
Creating Org entity
Generating Org keys
Saving local admin
Saving public admin
Creating org index
Saving org public entity to home
alice@precise64:~$ cd test-org
alice@precise64:~/test-org$ git init
Initialized empty Git repository in /home/alice/test-org/.git/
alice@precise64:~/test-org$ git remote add origin file:///data/git/test-org/
Let's take a look at what we've got so far...
alice@precise64:~/test-org$ tree
.
|-- api
|   `-- v0
|       |-- 0148dafacac60901bcfa22b0edf78e45
|       |   `-- private
|       |       |-- 0148dafacac60901bcfa22b0edf78e45
|       |       `-- cbf2c26dd189a8a14c21de61f34de526
|       `-- 362e29729c7880e93d709dde37e7502e
|           `-- public
|               `-- 362e29729c7880e93d709dde37e7502e
`-- org.conf
6 directories, 4 files
alice@precise64:~/test-org$ cat org.conf
name = "test-org"
id = "0148dafacac60901bcfa22b0edf78e45"
index = "cbf2c26dd189a8a14c21de61f34de526"
alice@precise64:~/test-org$ git add .
alice@precise64:~/test-org$ git commit -am 'first commit'
[master (root-commit) e56a672] first commit
4 files changed, 6 insertions(+)
create mode 100644 api/v0/0148dafacac60901bcfa22b0edf78e45/private/0148dafacac60901bcfa22b0edf78e45
create mode 100644 api/v0/0148dafacac60901bcfa22b0edf78e45/private/cbf2c26dd189a8a14c21de61f34de526
create mode 100644 api/v0/362e29729c7880e93d709dde37e7502e/public/362e29729c7880e93d709dde37e7502e
create mode 100644 org.conf
alice@precise64:~/test-org$ git push origin master
Counting objects: 12, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (12/12), 3.49 KiB, done.
Total 12 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (12/12), done.
To file:///data/git/test-org/
* [new branch] master -> master
First the pairing key
alice@precise64:~/test-org$ pki.io pairing-key new --tags web
Loading admin app
Loading admin entity
Loading org entity
Creating the key
Pairing ID: 16774d35ba1bb843d4fc10af8d17d023
Pairing key: c49b7b05fbfe597a48f99109f86262a5
Saving key to index
Now the CA
alice@precise64:~/test-org$ pki.io ca new web-ca --tags web
Loading admin app
Loading admin entity
Loading org entity
Saving CA
Updating index
alice@precise64:~/test-org$ git add .
alice@precise64:~/test-org$ git commit -m 'web pairing key and ca'
[master 66c5ce7] web pairing key and ca
2 files changed, 2 insertions(+), 1 deletion(-)
create mode 100644 api/v0/0148dafacac60901bcfa22b0edf78e45/private/113036365040189421093472070122636709641
rewrite api/v0/0148dafacac60901bcfa22b0edf78e45/private/cbf2c26dd189a8a14c21de61f34de526 (82%)
alice@precise64:~/test-org$ git push origin master
Counting objects: 14, done.
Delta compression using up to 2 threads.
...
e56a672..66c5ce7 master -> master
alice@precise64:~/test-org$ pki.io admin invite bob
Loading admin app
Loading admin entity
Loading org entity
Invite ID: 52a3758d43daec04b9f404f15d8d21b8
Invite key: c868390c3cc04f4f9d57ad904cccce11
Creating the key
Saving key to index
alice@precise64:~/test-org$ git add .
alice@precise64:~/test-org$ git commit -m 'inviting bob'
[master 8d48bd1] inviting bob
1 file changed, 1 insertion(+), 1 deletion(-)
rewrite api/v0/0148dafacac60901bcfa22b0edf78e45/private/cbf2c26dd189a8a14c21de61f34de526 (85%)
alice@precise64:~/test-org$ git push origin master
Counting objects: 13, done.
...
66c5ce7..8d48bd1 master -> master
Using a trusted channel, Alice shared the invite id and key with Bob.
bob@precise64:~$ git clone /data/git/test-org/
Cloning into 'test-org'...
done.
bob@precise64:~$ cd test-org
bob@precise64:~/test-org$ pki.io admin new bob --invite-id 52a3758d43daec04b9f404f15d8d21b8 --invite-key c868390c3cc04f4f9d57ad904cccce11
Creating Admin entity
Generating admin keys
Saving local admin
Saving public admin
Encrypting node for org
Pushing container to org
Let's see what we've got so far...
bob@precise64:~/test-org$ tree
.
|-- api
|   `-- v0
|       |-- 0148dafacac60901bcfa22b0edf78e45
|       |   |-- incoming
|       |   |   `-- invite
|       |   |       `-- 550a0410-f35f-3ed1-efb3-fb9374acc4af
|       |   `-- private
|       |       |-- 0148dafacac60901bcfa22b0edf78e45
|       |       |-- 113036365040189421093472070122636709641
|       |       `-- cbf2c26dd189a8a14c21de61f34de526
|       |-- 362e29729c7880e93d709dde37e7502e
|       |   `-- public
|       |       `-- 362e29729c7880e93d709dde37e7502e
|       `-- 5fd70847aa5c5355b4f670aa2fa1a441
|           `-- public
|               `-- 5fd70847aa5c5355b4f670aa2fa1a441
`-- org.conf
First commit
bob@precise64:~/test-org$ git add .
bob@precise64:~/test-org$ git commit -m 'accepting invite'
[master c7db60c] accepting invite
2 files changed, 2 insertions(+)
create mode 100644 api/v0/0148dafacac60901bcfa22b0edf78e45/incoming/invite/550a0410-f35f-3ed1-efb3-fb9374acc4af
create mode 100644 api/v0/5fd70847aa5c5355b4f670aa2fa1a441/public/5fd70847aa5c5355b4f670aa2fa1a441
Then push
bob@precise64:~/test-org$ git push origin master
Counting objects: 15, done.
...
To /data/git/test-org/
8d48bd1..c7db60c master -> master
First Alice gets the changes
alice@precise64:~/test-org$ git pull origin master
remote: Counting objects: 15, done.
...
create mode 100644 api/v0/0148dafacac60901bcfa22b0edf78e45/incoming/invite/550a0410-f35f-3ed1-efb3-fb9374acc4af
create mode 100644 api/v0/5fd70847aa5c5355b4f670aa2fa1a441/public/5fd70847aa5c5355b4f670aa2fa1a441
alice@precise64:~/test-org$ pki.io admin run
Loading admin app
Loading admin entity
Loading org entity
Processing invites
Found 1 invites to process
Reading invite key: 52a3758d43daec04b9f404f15d8d21b8
Verifying and decrypting admin invite
Found 0 invites to process
alice@precise64:~/test-org$ git add -A .
alice@precise64:~/test-org$ git commit -m 'processing admin bob'
[master f9228a6] processing admin bob
...
create mode 100644 api/v0/5fd70847aa5c5355b4f670aa2fa1a441/incoming/invite/550a055f-08fd-312a-8a1b-d806d0f041a0
And pushes
alice@precise64:~/test-org$ git push origin master
Counting objects: 19, done.
...
c7db60c..f9228a6 master -> master
First Bob gets the changes
bob@precise64:~/test-org$ git pull
remote: Counting objects: 19, done.
...
Completes the invite
bob@precise64:~/test-org$ pki.io admin complete bob --invite-id 52a3758d43daec04b9f404f15d8d21b8 --invite-key c868390c3cc04f4f9d57ad904cccce11
Loading admin entity
Saving org public entity to home
Commits
bob@precise64:~/test-org$ git commit -m 'completing bob'
[master 4545c79] completing bob
1 file changed, 1 deletion(-)
delete mode 100644 api/v0/5fd70847aa5c5355b4f670aa2fa1a441/incoming/invite/550a055f-08fd-312a-8a1b-d806d0f041a0
And pushes
bob@precise64:~/test-org$ git push origin master
...
To /data/git/test-org/
f9228a6..4545c79 master -> master
alice@precise64:~/test-org$ git pull origin master
...
delete mode 100644 api/v0/5fd70847aa5c5355b4f670aa2fa1a441/incoming/invite/550a055f-08fd-312a-8a1b-d806d0f041a0
alice@precise64:~/test-org$ pki.io node new server1 --pairing-id 16774d35ba1bb843d4fc10af8d17d023 --pairing-key c49b7b05fbfe597a48f99109f86262a5
Loading admin app
Loading admin entity
Loading org entity
Creating new node
Generating node keys
Encrypting node for org
Pushing container to org
Switching to node context
Creating node index
Creating node config
Creating CSRs
Generating CSRs
Creating new CSR
Saving local CSR
Pushing public CSR
...
Saving node index
alice@precise64:~/test-org$ git add .
alice@precise64:~/test-org$ git commit -m 'adding server1'
[master 70dff9f] adding server1
...
alice@precise64:~/test-org$ git push origin master
Counting objects: 35, done.
4545c79..5f7f99c master -> master
bob@precise64:~/test-org$ git pull origin master
remote: Counting objects: 35, done.
...
bob@precise64:~/test-org$ pki.io org run
Loading admin app
Loading admin entity
Loading org entity
Registering nodes
Found 1 nodes to register
Reading pairing key: 16774d35ba1bb843d4fc10af8d17d023
Verifying and decrypting node registration
Adding node to index
Encrypting and signing node for Org
Looking for CAs for tag web
Found CA 113036365040189421093472070122636709641
Getting CSR for node
Getting CA
Creating certificate
Tagging cert
Signing cert
Pushing certificate to node
Found 0 nodes to register
bob@precise64:~/test-org$ pki.io node run --name server1
Loading admin app
Loading admin entity
Loading org entity
Loading node app
Loading node index
Processing certs
Found 1 certs to process
Found 0 certs to process
Saving node index
bob@precise64:~/test-org$ git add -A .
bob@precise64:~/test-org$ git commit -m 'processing server1'
[master 0d2f98a] processing server1
...
bob@precise64:~/test-org$ git push origin master
Counting objects: 25, done.
...
5f7f99c..0d2f98a master -> master
alice@precise64:~/test-org$ git pull origin master
...
* branch master -> FETCH_HEAD
alice@precise64:~/test-org$ pki.io node show --name server1
Loading admin app
Loading admin entity
Loading org entity
Loading node app
Loading node index
Node name: server1
Node ID: f7be50f890caecd978a4cb53545e99dc
Public Signing Key:
-----BEGIN ECDSA PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYVewIwvc5oPWiYU7X/92PvkDLqjT
Xt4jv6RGlvTKFJyyqHjbijapx2BPz93xP+2bdPKpjXdUmKj4pbakdq4LfQ==
-----END ECDSA PUBLIC KEY-----
Public Encryption Key:
-----BEGIN ECDSA PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZvmQ362C1utDZw46Wn+fSa6j+DtJ
nxhGAdruQrNEJZjZAdMYPDLjZCZSXy+lwh70KgtxiBmJcHNC9vMjwrlQRA==
-----END ECDSA PUBLIC KEY-----
Certificate tags:
map[web:[a0a37756eafcb513b71d38f4846f3a56]]
alice@precise64:~/test-org$ pki.io node cert --name server1 --tags web --export server1.tar.gz
Loading admin app
Loading admin entity
Loading org entity
Loading node app
Loading node index
Getting certs for tag: web
Exporting
alice@precise64:~/test-org$ tar -ztvf server1.tar.gz
-rw-r--r-- 0/0 579 2015-03-18 23:21 server1-cert.pem
-rw------- 0/0 233 2015-03-18 23:21 server1-key.pem