{"id":34136436,"url":"https://github.com/namecoin/encaya","last_synced_at":"2025-12-15T02:01:02.239Z","repository":{"id":43065109,"uuid":"160117284","full_name":"namecoin/encaya","owner":"namecoin","description":"Namecoin interoperability for AIA-compatible TLS clients","archived":false,"fork":false,"pushed_at":"2025-09-04T12:40:24.000Z","size":140,"stargazers_count":6,"open_issues_count":16,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-09-04T14:38:25.808Z","etag":null,"topics":["aia","anticensorship","blockchain","certificates","civil-liberties","cryptoapi","cryptocurrency","cryptography","decentralized","free-speech","hacktoberfest","human-rights","internet-freedom","name-constraints","p2p","privacy","security","tls","windows","x509"],"latest_commit_sha":null,"homepage":"https://www.namecoin.org/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/namecoin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-12-03T01:49:29.000Z","updated_at":"2025-09-04T12:40:27.000Z","dependencies_parsed_at":"2025-08-10T21:11:34.524Z","dependency_job_id":"d7407cba-3119-4900-8046-06861cd15380","html_url":"https://github.com/namecoin/encaya","commit_stats":{"total_commits":74,"total_committers":3,"mean_commits":"24.666666666666668","dds":0.3918918918918919,"last_synced_commit":"4228e3b0884d7454404581ec86e881831742d830"},"previous_names":["namecoin/certdehydrate-dane-rest-api"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/namecoin/encaya","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fencaya","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fencaya/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fencaya/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fencaya/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/namecoin","download_url":"https://codeload.github.com/namecoin/encaya/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/namecoin%2Fencaya/sbom","scorecard":{"id":673533,"data":{"date":"2025-08-11","repo":{"name":"github.com/namecoin/encaya","commit":"ecb682dc8f1ae59dd372e60e3208737e3a9b0bdc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Maintained","score":10,"reason":"15 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T20:53:49.786Z","repository_id":43065109,"created_at":"2025-08-21T20:53:49.786Z","updated_at":"2025-08-21T20:53:49.786Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27742392,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-15T02:00:09.782Z","response_time":96,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aia","anticensorship","blockchain","certificates","civil-liberties","cryptoapi","cryptocurrency","cryptography","decentralized","free-speech","hacktoberfest","human-rights","internet-freedom","name-constraints","p2p","privacy","security","tls","windows","x509"],"created_at":"2025-12-15T02:00:23.472Z","updated_at":"2025-12-15T02:01:02.234Z","avatar_url":"https://github.com/namecoin.png","language":"Go","readme":"# Encaya: REST and AIA API for Safe DANE Lookups\n\nEncaya enables AIA-compatible TLS clients (e.g. CryptoAPI, Chromium, and Safari) to accept certificates specified by a safe subset of DANE (e.g. for Namecoin).\n\n## Building\n\nPrerequisites:\n\n1. Ensure you have the Go tools installed.\n\n2. If using Linux, ensure you have the `libcap` development headers\n   installed. (Most distributions will have a package called `libcap-dev` or\n   similar.)\n\nOption A: Using Go build commands without Go modules (works on any platform with Bash; only Go 1.15-1.16.x; will not work on Go 1.17+):\n\n1. Ensure you have the `GOPATH` environment variable set. (For those not\n   familar with Go, setting it to the path to an empty directory will suffice.\n   The directory will be filled with build files.)\n\n2. Run `export GO111MODULE=off` to disable Go modules.\n\n3. Run `go get -d -t -u github.com/namecoin/encaya/...`. The encaya source code will be\n   retrieved automatically.\n\n4. Run `go get -t -u github.com/namecoin/encaya/...`.  encaya will be built. The binaries will be at `$GOPATH/bin/encaya`.\n\nOption B: Using Go build commands with Go modules (works on any platform with Bash; Go 1.15+:\n\n1. Clone encaya.\n\n2. Run the following in the encaya directory to set up Go modules:\n   \n   ~~~\n   go mod init github.com/namecoin/encaya\n   go mod edit -replace github.com/coreos/go-systemd=github.com/coreos/go-systemd/v22@latest\n   go mod tidy\n   ~~~\n\n3. Run `go install ./...`.  encaya will be built. The binaries will be at `$GOPATH/bin/encaya`.\n\nOption C: Using Makefile (non-Windows platforms):\n\n1. Run `make`. The source repository will be retrieved via `go get`\n   automatically.\n\nEncaya can be run as a Windows service; see the output of `encaya --help`.\n\n## Configuration\n\nEncaya uses a configuration file which is looked for at `../etc/encaya.conf`\n(relative to the executable path) and `/etc/encaya/encaya.conf`. You can override\nthis and all options on the command line.\n\n## Suggested Setup\n\nThere are 3 machines involved in setup:\n\n* DNS server.\n    * Must have a trusted network path to a Namecoin client such as Namecoin Core.\n* Encaya server.\n    * Must have a trusted network path to the DNS server.\n* Client.\n    * No trusted network path is necessary, but any eavesdropper on the network path to the Encaya server will be able to see which Namecoin domain names you connect to (since AIA traffic is unencrypted).\n\nIn many cases, all 3 machines will be the same machine.  However, this is not a requirement.  For example, you might configure a mobile client to use servers that you set up on a desktop.  In fact, if the client is a TiVoized device such as an iOS device, you **must** set up the servers on a different machine, since TiVoized devices cannot install Encaya or ncdns.\n\nOnce you've decided which machine will play which role, follow these steps:\n\n1. Install [ncdns](https://github.com/namecoin/ncdns) on the DNS server machine.\n2. Configure `ncdns.conf` on the DNS server machine to point to the Encaya server machine for AIA.  The configured IP must be valid from the client machine's network perspective.\n3. Start ncdns as a service on the DNS server machine.\n4. Configure `encaya.conf` on the Encaya server machine to use ncdns's IP and port for DNS.\n5. On the Encaya server machine, run `encayagen` to generate the Encaya root CA.\n6. Start Encaya as a service on the Encaya server machine.\n7. Copy `encaya.pem` to the client machine.  (If the client machine has a trusted network path to the Encaya server machine, you can download the certificate on the client machine by connecting to port 80 on the Encaya server machine in a web browser.  Otherwise, manually copy the file.)\n8. Install `encaya.pem` on the client machine as a trusted root CA.  Setting EKU (TLS server authentication only) and name constraints (`bit` only) is recommended, e.g. via [certinject](https://github.com/namecoin/certinject).\n9. Configure the client machine to use ncdns's IP and port as a stub zone for `bit.`.\n\n## Theoretical background\n\nSee [Jeremy Rand's talk](https://www.namecoin.org/2021/01/01/namecoin-at-grayhat-2020-monero-village.html) at the Grayhat 2020 Monero Village.\n\n## Warnings\n\nEncaya does not protect you from MITM attacks by public CA's that are trusted by your TLS client.  You need another tool, such as [certinject](https://github.com/namecoin/certinject), for that.\n\n## Licence\n\nCopyright (C) 2018-2022 Namecoin Developers.\n\nEncaya is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nEncaya is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with Encaya.  If not, see [https://www.gnu.org/licenses/](https://www.gnu.org/licenses/).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnamecoin%2Fencaya","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnamecoin%2Fencaya","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnamecoin%2Fencaya/lists"}