Skip to content

gl-yziquel/subrosa

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
Justfile
Justfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
subrosa
subrosa
 
 

Repository files navigation

Sub-Rosa.

Management of SSL certificates.

NOTE: This is a toy tool demonstrating the possibility of using executable justfiles. If you wish more solid tools to manage your own certificate authority, consider mature software such as HashiCorp Vault or its more open source fork, OpenBaom which have a [PKI secrets backend][vaul-pki]; or consider also the consul tls command line [doc] from HashiCorp Consul, which is designed to create certificates and certificate authorities.

Synopsis:

We provide a subrosa executable Justfile, able to generate SSL root certificates. We expect in the near future to be able to sign derived certificates with it.

The structure of this project as an executable Justfile is in line with the ogma tool for electronic mail. (Tool which incidentally should be renamed to avoid conflict with a range of preexisting tools.)

Installation instructions:

  • Write up an Install.toml file with an install.path field.

  • Run just install, and the path declared above will be a symbolic link to the subrosa executable Justfile in this repository.

Here is an example Install.toml file:

[install]
path = "~/.local/bin"

Usage instructions:

  • subrosa root will generate a root key in .subrosa/rootCA.key and a root certificate .subrosa/rootCA.crt tied to this key. The passphrase of the key will be generated and stored in a pass password store located at .subrosa/pass in the passphrase path. The generation of the root certificate will require a subrosa.conf file instructing openssl about metadata of the certificate to be generated.

  • subrosa wipe will wipe out the whole data, located in .subrosa.

Here is an example of the subrosa.conf file:

[req]
prompt = no
distinguished_name = dn

[dn]
countryName = US
stateOrProvince = NY
localityName = New York
organizationName = S.H.I.E.L.D.
organizationalUnitName = Executive Board
commonName = presidency.shield.gov
emailAddress = nick.fury@shield.gov

Considerations about requirements:

The subrosa executable Justfile will require the pass tool. Support for analogue tools, such as hunter2 would not be unworthy. May be useful for yubikeys. Ideally, pass data should be thrown into a Veracrypt container.

Naming: The executable Justfile is named subrosa, in reference to the middle age custom of suspending a rose from the ceiling of council chambers to highlight the secrecy of such deliberations. This finds its mythological origins in the story of Aphrodites giving a rose to her son Eros, which in turn gave it to Harpocrates, a deity of secrets, in charge of keeping the sexual or romantic indiscretions of Aphrodites under wraps.

About

CLI tool for SSL certificate management.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages