Skip to content

deleteonerror/tinyPKI

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

.github

.github

 
 

build

build

 
 

cmd

cmd

 
 

configs

configs

 
 

deploy

deploy

 
 

docs

docs

 
 

internal

internal

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

SECURITY.md

SECURITY.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

readme.md

readme.md

 
 

Repository files navigation

tiny PKI

A tiny PKI for Home, Lab and Dev usage.

  • setup documentation here
  • usage documentation here

security considerations

The private key of the Certificate Authority

  • is chacha20poly1305 encrypted
  • is stored on the filesystem with 0600 permissions

The configuration

  • is signed by the ca, manual changes to the config files will result in a broken ca

External Dependencies you have to TRUST

only golang.org/x modules are used

maybe feature

  • decoding ASN.1 of csr's
  • file system watcher for the sub ca fsnotify
  • passphrase file
  • docker image
    • docker secret files support
  • revocation reasons
  • publish to LDAP
  • Yubikey as Hardware Key Storage

Out of scope for this project

  • HSM integration
  • CA renewal with new name
  • CA renewal with same key
  • Root private key export
  • Server Generated keys other than CA keys
  • Key recovery
  • RSA support

About

A tiny PKI for Home, Lab and Dev usage.

deleteonerror.com

Topics

pki certificate-authority ca public-key-infrastructure

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

7 tags

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages