github.com/usable-security-and-privacy-lab/lets-auth-ca
A certificate authority for the Let's Authenticate system. From the paper
Let’s Authenticate: Automated Certificates for User Authentication, presented at NDSS 2022.
go run main.go
Command line flags include:
Log levels include:
Configuration files have the following format:
# the name, e.g. "development
- name: [string]
# the database configuration
- database config: [string]
# the display name for the RP
- RP display name: [string]
# the ID for the RP
- RP ID: [string]
# the origin for the RP
- RP origin: [string]
# path to the file containing the public key for this server, in PEM format
- public key: [string]
# path to the file containing the private key for this server, in PEM format
- private key: [string]
# path to the file containing the root certificate for this server, in PEM format
- root certificate: [string]
The database configuration string is formatted as:
[username]:[password]@tcp([IP]:[port])/[database]?charset=utf8mb4
You will need to self-sign a root certificate, as shown below.
Configuration files are stored in the configuration directory with the name
config.yml. For example:
Install MariaDB.
brew install mariadb
Create a MySQL user
mysql> CREATE USER 'letsauth'@'localhost' IDENTIFIED BY 'letsauth';
Create the database
mysql> CREATE DATABASE lets_auth;
Grant the user privileges to just this new database.
mysql> GRANT ALL on lets_auth.* TO 'letsauth'@'localhost';
Create a configuration directory in lets-auth-ca-development.
In the configuration directory, run the following:
openssl genrsa -out dev-private-key.pem 3072
openssl rsa -in dev-private-key.pem -pubout -out dev-public-key.pem
Setup a configuration file, as shown below. Then:
go run main.go -root
In lets-auth-ca-development/config.yml, create a configuration file. Here is a
sample file:
name: "development"
database config: "auth:auth@tcp(127.0.0.1:3306)/lets_auth?charset=utf8mb4"
RP display name: "Let's Authenticate"
RP ID: "localhost"
RP origin: "http://localhost:3060"
public key: "dev-public-key.pem"
private key: "dev-private-key.pem"
root certificate: "dev-cert.pem"
Clone the repository into your home directory on the production server.
Run go build to build the code. You may need to
install Go first.
Set up the database, as above, but with a strong password for the letsauth user.
Create a production configuration in a directory called
lets-auth-ca-production.
Create a file in /etc/systemd/system/letsauthca.go with the following
contents:
[Unit]
Description=Let's Authenticate CA
ConditionPathExists=/home/zappala/lets-auth-ca
After=network.target
[Service]
Type=simple
User=zappala
Group=zappala
WorkingDirectory=/home/zappala/lets-auth-ca
ExecStart=/home/zappala/lets-auth-ca/lets-auth-ca --configDir lets-auth-ca-prod\
uction
Restart=on-failure
RestartSec=10
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=letsauthca
[Install]
WantedBy=multi-user.target
Set up and run the daemon:
sudo systemctl daemon-reload
sudo systemctl enable letsauthca
sudo systemctl start letsauthca
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.
Security News
React's CRA deprecation announcement sparked community criticism over framework recommendations, leading to quick updates acknowledging build tools like Vite as valid alternatives.