{"id":18477670,"url":"https://github.com/apple/eidas","last_synced_at":"2025-04-08T14:33:36.866Z","repository":{"id":45579524,"uuid":"179286984","full_name":"apple/eidas","owner":"apple","description":":satellite: :wrench: Tools for reading and creating eIDAS certificate signing requests","archived":false,"fork":false,"pushed_at":"2024-11-14T15:55:08.000Z","size":137,"stargazers_count":33,"open_issues_count":0,"forks_count":9,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-23T15:39:33.324Z","etag":null,"topics":["ck","tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apple.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-03T12:37:56.000Z","updated_at":"2025-02-21T22:43:19.000Z","dependencies_parsed_at":"2024-06-20T16:21:03.896Z","dependency_job_id":"af0645a6-aeaa-432a-a574-35ccd01afb67","html_url":"https://github.com/apple/eidas","commit_stats":null,"previous_names":["apple/eidas","creditkudos/eidas"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apple%2Feidas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apple%2Feidas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apple%2Feidas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apple%2Feidas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apple","download_url":"https://codeload.
github.com/apple/eidas/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247861233,"owners_count":21008450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ck","tools"],"created_at":"2024-11-06T12:00:51.637Z","updated_at":"2025-04-08T14:33:31.844Z","avatar_url":"https://github.com/apple.png","language":"Go","funding_links":[],"categories":["eIDAS and Digital Identity"],"sub_categories":[],"readme":"[![CircleCI](https://circleci.com/gh/creditkudos/eidas.svg?style=svg)](https://circleci.com/gh/creditkudos/eidas)\n[![Go Reference](https://pkg.go.dev/badge/github.com/creditkudos/eidas.svg)](https://pkg.go.dev/github.com/creditkudos/eidas)\n[![Go Report Card](https://goreportcard.com/badge/github.com/creditkudos/eidas)](https://goreportcard.com/report/github.com/creditkudos/eidas)\n\n# eIDAS\nTools for reading and creating eIDAS certificate signing requests\n\n## Generating a Certificate Signing Request (CSR)\n\n### With Docker:\n```bash\ndocker run -v \"$(pwd)\":/work --network none creditkudos/eidas \\\n  -country-code GB \\\n  -organization-name \"Your Organization Limited\" \\\n  -organization-id PSDGB-FCA-123456 \\\n  -common-name 0123456789abcdef\n```\n\n### With Go (requires Go 1.11 or higher):\n```bash\ngo get github.com/creditkudos/eidas/cmd/cli\n```\n\n```bash\ngo run github.com/creditkudos/eidas/cmd/cli \\\n  -country-code GB \\\n  -organization-name \"Your Organization Limited\" \\\n  -organization-id PSDGB-FCA-123456 \\\n  -common-name 0123456789abcdef\n```\n\n### Open Banking Flags\n* `-common-name` should 
be the same as the `organisation_id` field from your entry in the Open Banking Directory.\n* `-organization-id` should be in the form of `PSD\u003cRegulator Country Code\u003e-\u003cRegulator\u003e-\u003cUnique ID\u003e`\n* `-organization-name` should be your official company name.\n* `-country-code` should be an ISO 3166-1 alpha-2 country code.\n\n### Other flags\nYou can see the available flags with\n```\ngo run github.com/creditkudos/eidas/cmd/cli -help\n```\n\nBy default this will generate two files: `out.csr` and `out.key` containing the CSR and the private key, respectively.\n\nIt will also print the SHA256 sum of the CSR to stdout.\n\nTo print out the details of the CSR for debugging, run:\n```\nopenssl req -in out.csr -text -noout -nameopt multiline\n```\n\n## Notes on CSR format\n\nFor both QWAC and QSEAL types the following attributes are required in the CSR:\n\n### [Subject](https://tools.ietf.org/html/rfc5280#section-4.1.2.6)\n* Must contain country code, organisation name and common name.\n* Must also contain the organisation ID. Organisation ID (ITU-T X.520 10/2012 Section 6.4.4) isn't supported by most tools by default (including OpenSSL and Go), but it can be added to the subject as a custom name with the ASN.1 OID of `2.5.4.97`. The value should be something like `PSDGB-FCA-123456`.\n* It's not specified in the standards (AFAICT) but these should be in a defined order:\n  1. Country Code (C=)\n  1. Organization Name (O=)\n  1. Organization ID (2.5.4.97=)\n  1. 
Common Name (CN=)\n\n### Key Parameters\n* Key should be 2048-bit RSA.\n* Signature algorithm should be `SHA256WithRSA`.\n\n### Extensions\n\n#### [Key Usage](https://tools.ietf.org/html/rfc5280#section-4.2.1.3)\n* X509v3 Key Usage extension should be marked as `critical`.\n\n| QWAC | QSEAL |\n| --- | --- |\n| Digital Signature | Digital Signature |\n| Non Repudiation | |\n\n#### [Extended Key Usage](https://tools.ietf.org/html/rfc5280#section-4.2.1.12)\n\n| QWAC | QSEAL |\n| --- | --- |\n| TLS Web Server Authentication | |\n| TLS Web Client Authentication | |\n\nNote: For QSEAL, a CSR is expected to not have an extended key usage section at all, rather than an empty one.\n\n#### [Subject Key Identifier](https://tools.ietf.org/html/rfc5280#section-4.2.1.2)\n* Should be the 160-bit SHA1 sum of the PKCS1 public key.\n\n#### [qcStatements](https://tools.ietf.org/html/rfc3739.html#section-3.2.6)\nThis is an extension used by eIDAS, as documented in [ETSI TS 119 495 Annex A](https://www.etsi.org/deliver/etsi_ts/119400_119499/119495/01.02.01_60/ts_119495v010201p.pdf).\nThe required parameters in this extension are the Competent Authority's name and ID, e.g. \"Financial Conduct Authority\" and \"GB-FCA\", and the roles the TPP requires, e.g. \"PSP_AI\" (Account Information).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapple%2Feidas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapple%2Feidas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapple%2Feidas/lists"}