Skip to content

deleteonerror/tinyPKI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
.github
.github
 
 
build
build
 
 
cmd
cmd
 
 
configs
configs
 
 
deploy
deploy
 
 
docs
docs
 
 
internal
internal
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
SECURITY.md
SECURITY.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
readme.md
readme.md
 
 

Repository files navigation

tiny PKI

A tiny PKI for Home, Lab and Dev usage.

  • setup documentation here
  • usage documentation here

security considerations

The private key of the Certificate Authority

  • is chacha20poly1305 encrypted
  • is stored on the filesystem with 0600 permissions

The configuration

  • is signed by the ca, manual changes to the config files will result in a broken ca

External Dependencies you have to TRUST

only golang.org/x modules are used

maybe feature

  • decoding ASN.1 of csr's
  • file system watcher for the sub ca fsnotify
  • passphrase file
  • docker image
    • docker secret files support
  • revocation reasons
  • publish to LDAP
  • Yubikey as Hardware Key Storage

Out of scope for this project

  • HSM integration
  • CA renewal with new name
  • CA renewal with same key
  • Root private key export
  • Server Generated keys other than CA keys
  • Key recovery
  • RSA support

About

A tiny PKI for Home, Lab and Dev usage.

deleteonerror.com

Topics

pki certificate-authority ca public-key-infrastructure

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

7 tags

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages