protonlabs/x509-sign

There is no license information available for the latest version (1.0.0) of this package.

Sign ASN1 strings

Maintainers

Details

github.com/ProtonMail/x509-sign

Source

Issues

Installs: 22 525

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 4

Forks: 2

Open Issues: 0

1.0.0 2021-06-29 13:19 UTC

Requires

Requires (Dev)

Unknown License 9c87e4affb62b660465cf1c5ed50fc67a9f6a124

This package is not auto-updated.

Last update: 2024-04-29 19:44:25 UTC

README

A simple endpoint to sign X509 certificates.

Usage

Via HTTP:

Expose index.php on a webserver.

Get the signature server public key:

POST /

{
  "publicKey": {}
}

Or specify a format:

POST /

{
  "publicKey": {"format": "PSS"}
}

Request a signature:

POST /

{
  "signedCertificate": {
    "certificate": "-----BEGIN...",
    "clientPublicKey": "-----BEGIN..."
  }
}

You can group requests and get both results aggregated:

POST /

{
  "publicKey": {},
  "signedCertificate": {
    "certificate": "-----BEGIN...",
    "clientPublicKey": "-----BEGIN..."
  }
}

Would result the following JSON output:

{
  "publicKey": {
    "success": true,
    "result": "-----BEGIN..."
  },
  "signedCertificate": {
    "success": true,
    "result": "-----BEGIN..."
  }
}

With the server signature public key string and the signed certificate.

As a service

Use Issuer::issue() to sign certificates from a PHP application.

use Proton\X509Sign\Issuer;
use phpseclib3\Crypt\RSA\PrivateKey;
use phpseclib3\Crypt\RSA\PublicKey;

$issuer = new Issuer();
$issuer->issue(
    PrivateKey::load('-----BEGIN...'),
    PublicKey::load('-----BEGIN...'),
    ['commonName' => 'foo'],
    ['commonName' => 'bar'],
    '9256',
);

Config

Define environment variables to configure your server:

  • SIGNATURE_PRIVATE_KEY PKCS1 string of the private signature key.

  • SIGNATURE_PRIVATE_KEY_PASSPHRASE Passphrase/password of the private key.

  • EXTENSIONS JSON representation of X509 extensions to support.