{"id":27055486,"url":"https://github.com/duesee/mkpki","last_synced_at":"2025-04-05T09:27:53.066Z","repository":{"id":254515455,"uuid":"820429321","full_name":"duesee/mkpki","owner":"duesee","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-20T14:07:29.000Z","size":18,"stargazers_count":1,"open_issues_count":7,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-20T15:23:54.341Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/duesee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-26T12:58:00.000Z","updated_at":"2025-02-20T14:07:33.000Z","dependencies_parsed_at":"2024-08-24T01:22:31.995Z","dependency_job_id":"187f9757-0002-4050-9fff-4be7b70f0657","html_url":"https://github.com/duesee/mkpki","commit_stats":null,"previous_names":["duesee/mkpki"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duesee%2Fmkpki","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duesee%2Fmkpki/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duesee%2Fmkpki/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duesee%2Fmkpki/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/duesee","download_url":"https://codeload.github.com/duesee/mkpki/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"gith
ub","repositories_count":247315901,"owners_count":20919161,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-05T09:27:52.433Z","updated_at":"2025-04-05T09:27:53.020Z","avatar_url":"https://github.com/duesee.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mkpki\n\nA tool to generate a two-tier PKI with zones separated by [Name Constraints](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10).\n\nThis architecture allows efficient zone revocation and reduces the severity of a key compromise:\nIf an intermediate key is compromised, the damage is limited to a specific zone.\nIf the root key is compromised, the damage is limited to a specific domain.\n\n```text\nUsage: mkpki [--seed \u003cseed\u003e] \u003ccommand\u003e [\u003cargs\u003e]\n\nmkpki.\n\nOptions:\n  --seed            ONLY FOR TESTING: seed CSPRNG with `sha256(argument)`\n  --help            display usage information\n\nCommands:\n  root              Create root certificate.\n  intermediate      Create intermediate certificate.\n  leaf              Create leaf certificate.\n```\n\n## Overview\n\n```mermaid\nflowchart TD\n    A(example.org) --\u003e B(zone1.example.org)\n    A --\u003e C(zone2.example.org)\n    B --\u003e D(leaf1.zone1.example.org)\n    C --\u003e E(leaf1.zone2.example.org)\n    C --\u003e F(leaf2.zone2.example.org)\n```\n\n* The root CA is constrained to a specific domain, e.g., `example.org`, meaning that all certificates issued by the root CA are only ever valid for subdomains of `example.org`.\n* The intermediate CA is constrained 
to an even more specific domain, e.g., `zone1.example.org`, meaning that all certificates issued by the intermediate CA are only ever valid for subdomains of `zone1.example.org`.\n* The leaf certificates are typical X.509 leaf certificates and cannot be used for further issuance.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduesee%2Fmkpki","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fduesee%2Fmkpki","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduesee%2Fmkpki/lists"}