acert

command module

v0.2.0 Latest Latest Go to latest Published: Mar 12, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/deciphernow/acert

README ¶

Acert

A command line utility for managing X.509 identities.

Overview

Normally, X.509 identities are generated by a client then signed by a certificate authority. This multi-step process reduces the risk that private keys will be leaked. While this works very well in many situations, there are situations where it is acceptable for a certificate authority to generate the X.509 identities directly. Acert is targeted at these situations and provides an all-in-one utility for creating certificate authorities and issuing X.509 identities directly from those certificate authorities.

Usage

Acert uses Cobra so all commands support a help option (e.g., acert -h or acert --help). As a result, the following usage instructions only cover the top level use cases and do not attempt to provide descriptions of all options available.

Version

To print the current version and commit for the acert binary run the following command:

acert version

Authorities

Authorities represent the X.509 identities of certificate authorities and are required to in order to use Acert to issue X.509 leaf identities.

Creating

To create a certificate authority run the following command:

acert authorities create

Note that the output of this command is the shortened SHA256 hash of the authorities certificate (i.e., fingerprint) and is used to identify the authority.

For a full list of the options available when creating a certificate authority run the following command:

acert authorities create --help

Deleting

To delete a certificate authority run the following command where FINGERPRINT is the SHA 256 fingerprint of the authority:

acert authorities delete FINGERPRINT

Listing

To list the authorities run the following command:

acert authorities list

Exporting

To export the pem encoded authorities for a certificate authority run the following command:

acert authorities export FINGERPRINT -f pem -t authority

To export the pem encoded certificate for a certificate authority run the following command:

acert authorities export FINGERPRINT -f pem -t certificate

To export the pem encoded key for a certificate authority run the following command:

acert authorities export FINGERPRINT -f pem -t key

For a full list of the options available when exporting a certificate authority run the following command:

acert authorities export --help

Leaves

Leaves represent the X.509 identities of users or services and cannot issue identities.

Issuing

To issue a leaf run the following command where FINGERPRINT is the SHA 256 fingerprint of the authority issuing the leaf:

acert authorities issue FINGERPRINT

For a full list of the options available when issuing a leaf run the following command:

acert authorities issue --help

Deleting

To delete a leaf run the following command where FINGERPRINT is the SHA 256 fingerprint of the leaf:

acert leaves delete FINGERPRINT

Listing

To list the leaves run the following command:

acert leaves list

Exporting

To export the pem encoded authorities for a leaf identity run the following command:

acert leaves export FINGERPRINT -f pem -t authority

To export the pem encoded certificate for a leaf identity run the following command:

acert leaves export FINGERPRINT -f pem -t certificate

To export the pem encoded key for a leaf identity run the following command:

acert leaves export FINGERPRINT -f pem -t key

For a full list of the options available when exporting a leaf run the following command:

acert leaves export --help

Building

Dependencies

In order to build Acert the following dependencies are required.

Go (1.13.0 or greater)
Make (3.81 or greater)

Build

In order to build a binary for the current operating system run the following command:

make build

Additionally, targets are provided for cross compilation to darwin, linux and windows (e.g., make build.darwin).

Testing

In order to test Acert run the following command:

make test

Contributing

Fork it
Download your fork to your PC (git clone https://github.com/your_username/acert && cd acert)
Create your feature branch (git checkout -b my-new-feature)
Make changes and add them (git add .)
Commit your changes (git commit -m 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new pull request

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
certificates
cmd
authorities
authorities/create
authorities/delete
authorities/export
authorities/issue
authorities/list
leaves
leaves/delete
leaves/export
leaves/list
version
config
encoding
internal
tests
stores
filesystem
memory
versions

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL