a server for centralized management of public key infrastructures
trusch/pkid
pkid

A service for managing public key infrastructures via a RESTful interface.

Features

  • Manage multiple root CAs
  • Create signed sub-CAs
  • Create signed server certificates
  • Create signed client certificates
  • RSA or ECC keys
  • Revoke sub-CAs, clients or servers
  • Automatically create CRLs
  • Selectable storage layers
    • leveldb
    • raw filesystem
    • more coming soon...
  • Can be built fully static, so there is no dependency on OpenSSL or similar libraries
  • Should run on Linux, macOS and Windows

Installation

> go get github.com/trusch/pkid
> pkid --storage leveldb:///usr/share/pkid --listen 0.0.0.0:80

API

Create Certificates

These endpoints are used to create keys and issue certificates.

All of the following endpoints accept these query options:

  • name: string (required)
  • curve: string (optional, default: P521)
    • valid values: P521, P384, P256, P224
  • rsaBits: int (optional)
    • valid values: 4096, 2048, 1024
  • notBefore: int (optional, seconds since the Unix epoch; defaults to the current time)
  • validFor: string (optional, e.g. 12h30m; defaults to 8760h, i.e. one year)

Create root CA (self signed)

  • Request: POST /ca?name=my-ca-name
  • Response: {uuid}

Create Sub CA

  • Request: POST /ca/{root-uuid}/ca?name=my-sub-ca
  • Response: {uuid}

Create Client

  • Request: POST /ca/{root-uuid}/client?name=my-client
  • Response: {uuid}

Create Server

  • Request: POST /ca/{root-uuid}/server?name=my-server
  • Response: {uuid}

Get Certificates/Keys

These endpoints are used to retrieve generated certificates and keys.

Get CA Certificate

  • Request: GET /ca/{root-uuid}/cert
  • Response: {pem certificate data}

Get CA Key

  • Request: GET /ca/{root-uuid}/key
  • Response: {pem key data}

Get Client Certificate

  • Request: GET /ca/{root-uuid}/client/{uuid}/cert
  • Response: {pem certificate data}

Get Client Key

  • Request: GET /ca/{root-uuid}/client/{uuid}/key
  • Response: {pem key data}

Revoke Certificates

These endpoints can be used to revoke certificates and get the resulting CRL.

Revoke a CA

  • Request: POST /ca/{root-uuid}/ca/{uuid}/revoke
  • Response: "revoked"

Revoke a Server

  • Request: POST /ca/{root-uuid}/server/{uuid}/revoke
  • Response: "revoked"

Revoke a Client

  • Request: POST /ca/{root-uuid}/client/{uuid}/revoke
  • Response: "revoked"

Get Certificate Revocation List (CRL)

  • Request: GET /ca/{root-uuid}/crl
  • Response: {pem crl data}
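Taken together, the create endpoints and the CRL endpoint above amount to: generate a key (P-521 unless told otherwise), sign a certificate with the requested validity, and publish a CA-signed CRL of revoked serial numbers. The Go code below is an added example that reproduces that flow in-process with crypto/x509; it is not pkid's own code and does not talk to the server. It also adds the relying-party check that a consumer of the PEM from the /cert and /crl endpoints should perform: chain the certificate to the CA, verify the CRL's signature and freshness, and only then look the serial number up. The entity type and the functions issue, crl and checkServerCert are names chosen here, and the key usages set on the certificates are assumptions, since the README does not document which ones pkid uses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// entity is a certificate plus its private key, held in memory for this demo only.
type entity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue mirrors the create endpoints: a nil parent yields a self-signed root CA (POST /ca?name=...),
// otherwise a server certificate signed by parent (POST /ca/{root-uuid}/server?name=...&validFor=...).
// The key is P-521, pkid's documented default; notBefore is now, as in the README.
func issue(name, validFor string, serial int64, parent *entity) (*entity, error) {
	d, err := time.ParseDuration(validFor) // same syntax the API documents, e.g. "12h30m"; README default 8760h
	if err != nil {
		return nil, fmt.Errorf("validFor: %w", err)
	}
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now, NotAfter: now.Add(d)}
	signer, signerKey := tpl, key // self-signed unless a parent is given
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid = true, true
		tpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign // may sign both certificates and CRLs
	} else {
		signer, signerKey = parent.cert, parent.key
		tpl.KeyUsage = x509.KeyUsageDigitalSignature
		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tpl.DNSNames = []string{name} // so TLS clients can match the host name they connect to
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &entity{cert: cert, key: key}, err
}

// crl mirrors GET /ca/{root-uuid}/crl: a CRL signed by the CA, as PEM, listing the revoked serial
// numbers. crlNumber must increase with every CRL the CA publishes.
func (c *entity) crl(crlNumber int64, revoked ...int64) ([]byte, error) {
	now := time.Now()
	rl := &x509.RevocationList{Number: big.NewInt(crlNumber), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range revoked {
		rl.RevokedCertificateEntries = append(rl.RevokedCertificateEntries,
			x509.RevocationListEntry{SerialNumber: big.NewInt(s), RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, rl, c.cert, c.key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "X509 CRL", Bytes: der}), nil
}

// checkServerCert is the relying-party side: chain cert to root for hostname, then require a
// fresh CRL that is signed by root and does not list cert's serial number.
func checkServerCert(cert, root *x509.Certificate, crlPEM []byte, hostname string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, DNSName: hostname, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	block, _ := pem.Decode(crlPEM)
	if block == nil {
		return fmt.Errorf("crl: no PEM block")
	}
	crl, err := x509.ParseRevocationList(block.Bytes)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("crl signature: %w", err)
	}
	if time.Now().After(crl.NextUpdate) { // a stale CRL may hide newer revocations
		return fmt.Errorf("crl expired at %v, refresh it before trusting it", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificateEntries {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("serial %v revoked at %v", rc.SerialNumber, rc.RevocationTime)
		}
	}
	return nil
}
```

To exercise it, issue a root with issue("my-ca", "8760h", 1, nil), a server certificate with issue("my-server", "12h30m", 2, root), and CRLs with root.crl(n, serials...); checkServerCert returns nil only while the serial is absent from a fresh, CA-signed CRL. Note that cert.Verify by itself says nothing about revocation: fetching and checking the CRL is a separate step, and a CRL whose NextUpdate has passed should be refreshed rather than trusted.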

Info about CA

These endpoints can be used to gather information about a specific CA.

Get CA info

  • Request: GET /ca/{root-uuid}
  • Response:
  {
    "Entity": {
      "ID": "{uuid}",
      "Name": "my-ca",
      "IsRevoked": false
    },
    "Revoked": [2,5,6],
    "CAs": {
      "{uuid}": "my-sub-ca"
    },
    "Clients": {
      "{uuid}": "my-client"
    },
    "Servers": {
      "{uuid}": "my-server"
    }
  }

List sub-CAs

  • Request: GET /ca/{root-uuid}/ca
  • Response:
  {
    "{uuid}": "my-sub-ca"
  }

List clients

  • Request: GET /ca/{root-uuid}/client
  • Response:
  {
    "{uuid}": "my-client"
  }

List servers

  • Request: GET /ca/{root-uuid}/server
  • Response:
  {
    "{uuid}": "my-server"
  }
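As an added example that is not part of pkid, here is a small Go client for the endpoints documented above. It encodes the create options the way the options list describes them (notBefore as seconds since the epoch, validFor in Go duration syntax), posts to the four create endpoints through one method, and decodes the document returned by GET /ca/{root-uuid}. The Client, IssueOptions and CAInfo types are assumptions of this example; so is the assumption that pkid answers the create endpoints with a plain-text uuid and the info endpoint with JSON shaped as shown in the README.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"
)

type Client struct {
	Base string       // e.g. "http://127.0.0.1:80", matching the --listen address
	HTTP *http.Client
}

// IssueOptions are the query options the README lists for every create endpoint.
type IssueOptions struct {
	Name      string        // required
	Curve     string        // P521, P384, P256 or P224; empty lets the server default to P521
	RSABits   int           // 4096, 2048 or 1024; zero means an ECC key
	NotBefore time.Time     // zero lets the server default to now
	ValidFor  time.Duration // zero lets the server default to 8760h
}

// query encodes the options as the endpoints expect: notBefore as seconds since the Unix epoch,
// validFor in Go duration syntax (12h30m is sent as "12h30m0s", which a Go server parses).
func (o IssueOptions) query() (url.Values, error) {
	if o.Name == "" {
		return nil, fmt.Errorf("name is required")
	}
	q := url.Values{"name": {o.Name}}
	if o.Curve != "" {
		q.Set("curve", o.Curve)
	}
	if o.RSABits != 0 {
		q.Set("rsaBits", strconv.Itoa(o.RSABits))
	}
	if !o.NotBefore.IsZero() {
		q.Set("notBefore", strconv.FormatInt(o.NotBefore.Unix(), 10))
	}
	if o.ValidFor != 0 {
		q.Set("validFor", o.ValidFor.String())
	}
	return q, nil
}

// call performs one request and returns the trimmed body; any non-2xx status is an error.
func (c *Client) call(method, path string, q url.Values) (string, error) {
	u := strings.TrimRight(c.Base, "/") + path
	if len(q) > 0 {
		u += "?" + q.Encode()
	}
	req, err := http.NewRequest(method, u, nil)
	if err != nil {
		return "", err
	}
	resp, err := c.HTTP.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil || resp.StatusCode/100 != 2 {
		return "", fmt.Errorf("%s %s: %s %v", method, path, resp.Status, err)
	}
	return strings.TrimSpace(string(body)), nil
}

// Create covers the four create endpoints: kind "" posts to /ca (a new root CA), otherwise to
// /ca/{root-uuid}/{kind} with kind ca, client or server. The response body is the new uuid.
func (c *Client) Create(root, kind string, o IssueOptions) (string, error) {
	q, err := o.query()
	if err != nil {
		return "", err
	}
	if kind == "" {
		return c.call(http.MethodPost, "/ca", q)
	}
	return c.call(http.MethodPost, "/ca/"+url.PathEscape(root)+"/"+kind, q)
}

// CAInfo is the document GET /ca/{root-uuid} returns.
type CAInfo struct {
	Entity                struct{ ID, Name string; IsRevoked bool }
	Revoked               []int64           // serial numbers currently on the CA's CRL
	CAs, Clients, Servers map[string]string // uuid -> name
}

func (c *Client) Info(root string) (*CAInfo, error) {
	body, err := c.call(http.MethodGet, "/ca/"+url.PathEscape(root), nil)
	if err != nil {
		return nil, err
	}
	info := &CAInfo{}
	return info, json.Unmarshal([]byte(body), info)
}
```

Pointed at a running instance (Base set to the --listen address), Create("", "", IssueOptions{Name: "my-ca"}) returns the root uuid and Create(root, "client", ...) a client uuid; Info(root) then shows which uuids belong to which names and which serial numbers are on the CRL. Because Create refuses an empty name client-side and call refuses non-2xx responses, a typo in an endpoint path or a revoked CA surfaces as an error rather than as an empty uuid silently used in a later request.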
