-rw-r--r-- | README | 66 | ||||
-rw-r--r-- | TODO | 12 |
2 files changed, 78 insertions, 0 deletions
@@ -0,0 +1,66 @@ +pkictl +====== + +Pkictl can be used to manage the lifecycle of keys and certificates. + +Its main purpose is the creation of certificates and control through rules of the +certification process. But it can also be used to sign and verify messages based +on private/public keys. + +The focus is on easy commands with clear error messages to make work for the admin +or user as easy as possible. But it can also be used in scripts to implement +automated workflows. + +features +-------- + +The following commnds will be implemented: + +* create private key (RSA or ECDSA) +* create public key based on private key +* sign a message using a private key +* verify a message using a public key +* create a certificate sign request using a private key (WIP) +* create a certificate using a CSR (not implemented) +* show information about a CSR/private key/... (not implemented) +* verify certificate against rules and CSR (not implemented) + +Installation +------------ + +The project can be built with + + go build + +from the main directory. This will create the binary `pkictl`. + +Usage +----- + +### print all commands + +To print all commands, use + + # ./pkictl + Usage: pkictl command args + where 'command' is one of: + create-private create a new private key + create-public create a public key from a private one + create-cert-sign create a new certificate sign request + help show this help + info get info on a file + sign sign a certificate request + sign-input sign a message with a private key + verify-signature verify a signature + +Print the help for a command: + + ./pkictl create-public --help + Usage of create-public: + -output="STDOUT": path where the generated public key should be stored + -private-key="": path to the private key file + +Contributing +------------ + +The best way to contribute is to use [github.com/gibheer/pkictl](https://github.com/gibheer/pkictl). 
@@ -0,0 +1,12 @@ +The following list is a collection of areas, where some work is needed + +* reduce code size by refactoring +* make sure that critical files are checked more rigid (filesystem permissions) +* implement message signing for RSA keys +* implement certificate generation +* implement verification of certificates against rules +* implement verification of certificates against CSRs +* implement a way to convert keys to SSH format (separate tool?) +* split project more into lib and CLI? +* find a way to get ED25519 working +* implement info command |
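Review bot: In the README hunk, the usage listing shows `sign` ("sign a certificate request") and `info` ("get info on a file") as available commands, but the features list above it marks creating a certificate from a CSR and showing information as "(not implemented)". A reader working from the usage block cannot tell which commands actually work. Either mark the unfinished commands in the listing or add a sentence under "Usage" pointing back to the status in the features list. The features entry "sign a message using a private key" also carries no restriction, while the TODO added in the same commit lists "implement message signing for RSA keys", so the key types supported for signing should be stated there. Minor: "commnds" should be "commands", and the "features" heading is lowercase while the other headings are capitalised.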
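Review bot: In the TODO hunk, the second item, "make sure that critical files are checked more rigid (filesystem permissions)", is too vague to act on or to verify once done. It should name the files meant (presumably the private key files passed via `-private-key`) and the behaviour expected, for example refusing to load a private key that is readable by group or others, and writing newly created private keys with owner-only permissions. Since the README describes use in scripts for automated workflows, it is also worth stating whether a failed permission check is a hard error with a non-zero exit code. Wording: "more rigid" reads better as "more strictly".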