{"id":24607386,"url":"https://github.com/redteampentesting/kbtls","last_synced_at":"2025-05-05T21:49:40.426Z","repository":{"id":163053678,"uuid":"617461481","full_name":"RedTeamPentesting/kbtls","owner":"RedTeamPentesting","description":"Establishes mutually trusted TLS connections based on a pre-shared connection key.","archived":false,"fork":false,"pushed_at":"2024-03-21T10:26:33.000Z","size":449,"stargazers_count":48,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-31T00:06:13.216Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedTeamPentesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-22T12:52:36.000Z","updated_at":"2025-02-20T09:26:10.000Z","dependencies_parsed_at":"2023-06-02T14:15:38.791Z","dependency_job_id":null,"html_url":"https://github.com/RedTeamPentesting/kbtls","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fkbtls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fkbtls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fkbtls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fkbtls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedTeamPentesting","download_url":"https://codeload.github.com/RedTeamPentesting/kbtls/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252583320,"owners_count":21771829,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-24T17:36:55.129Z","updated_at":"2025-05-05T21:49:40.420Z","avatar_url":"https://github.com/RedTeamPentesting.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003e\u003cb\u003ekbtls\u003c/b\u003e\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\u003ci\u003e\u003cb\u003eK\u003c/b\u003eey-\u003cb\u003eB\u003c/b\u003eased \u003cb\u003eTLS\u003c/b\u003e - Mutually Trusted TLS Connections Based on a Pre-Shared Connection Key\u003c/i\u003e\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/RedTeamPentesting/kbtls/releases/latest\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/RedTeamPentesting/kbtls.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://pkg.go.dev/github.com/RedTeamPentesting/kbtls\"\u003e\u003cimg alt=\"Go Doc\" src=\"https://img.shields.io/badge/godoc-reference-blue.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/RedTeamPentesting/kbtls/actions?workflow=Check\"\u003e\u003cimg alt=\"GitHub Action: Check\" src=\"https://img.shields.io/github/actions/workflow/status/RedTeamPentesting/kbtls/check.yml?branch=main\u0026style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-MIT-brightgreen.svg?style=for-the-badge\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/RedTeamPentesting/kbtls\"\u003e\u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/RedTeamPentesting/kbtls?style=for-the-badge\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n---\n\nThis library allows to create mutually trusted client and server certificates\nbased on a pre-shared connection key. This is possible because the pre-shared\nconnection key can be used on both sides to derive the same CA certificate which\nis then used to sign the server and client certificates that are generated on\nthe spot.\n\n![TLS setup](assets/cert_derivation.png)\n\n---\n\n**Warning:** This library is not meant for production use. It was developed to\nbe used in offensive security tools to conveniently provide an encrypted\nconnection ad-hoc without certificate management. While we are unaware of any\nsecurity risks with the library's approach, it uses TLS in an unconventional way\nwhich may introduce subtle vulnerabilities. Please contact us if you are aware\nof any security considerations regarding this library.\n\n---\n\n## Usage:\n\nThe following example shows how a connection key can be generated in order to\ngenerate a listener:\n\n```go\nkey, err := kbtls.GenerateConnectionKey()\n// error handling\nfmt.Println(key) // tvyFtKR0Y2IY/sN5EbxYscr15fGxa8Mx2NeelZUCpn0\n\nlistener, err := kbtls.Listen(\"tcp\", \"localhost:8443\", key.String())\n// error handling\n```\n\nIn most cases, one endpoint generates and outputs the key like this. The user\nthen passes the generated key to the other endpoint where it can be used as\nfollows:\n\n```go\nkey := \"tvyFtKR0Y2IY/sN5EbxYscr15fGxa8Mx2NeelZUCpn0\"\nconn, err := kbtls.Dial(\"tcp\", \"localhost:8443\", key)\n// error handling\n```\n\nA full server and client example can be found\n[here](https://github.com/RedTeamPentesting/kbtls/blob/main/examples/simple/main.go).\nFor custom listeners or for custom TLS configuration lower-level functions are\nprovided, as demonstrated\n[here](https://github.com/RedTeamPentesting/kbtls/blob/main/examples/custom/main.go).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fkbtls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredteampentesting%2Fkbtls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fkbtls/lists"}