https://github.com/protonmail/x509-sign
Simple endpoint to sign ASN1 strings
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/protonmail/x509-sign
- Owner: ProtonMail
- License: mit
- Created: 2021-01-08T16:01:26.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-06-29T13:22:58.000Z (about 5 years ago)
- Last Synced: 2025-03-24T18:21:12.494Z (over 1 year ago)
- Language: PHP
- Size: 189 KB
- Stars: 1
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# X509 Sign
A simple endpoint to sign X509 certificates.
## Usage
### Via HTTP:
Expose `index.php` on a webserver.
Get the signature server public key:
```
POST /
```
```json
{
  "publicKey": {}
}
```
Or specify a format:
```
POST /
```
```json
{
  "publicKey": {"format": "PSS"}
}
```
Request a signature:
```
POST /
```
```json
{
  "signedCertificate": {
    "certificate": "-----BEGIN...",
    "clientPublicKey": "-----BEGIN..."
  }
}
```
You can group requests and get both results aggregated:
```
POST /
```
```json
{
  "publicKey": {},
  "signedCertificate": {
    "certificate": "-----BEGIN...",
    "clientPublicKey": "-----BEGIN..."
  }
}
```
This would result in the following JSON output:
```json
{
  "publicKey": {
    "success": true,
    "result": "-----BEGIN..."
  },
  "signedCertificate": {
    "success": true,
    "result": "-----BEGIN..."
  }
}
```
The two `result` values are the signature server's public key string and the signed certificate.
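A client-side sketch of the grouped request above, as an added example that is not part of the project's code: it builds the POST body and accepts a reply only if every requested operation reports `"success": true` with a PEM string in `result`. The function names, the sample strings, and the shape of a failed entry (`"success": false`) are assumptions; the page only shows the success case.

```python
import json

class SignError(Exception):
    """The reply cannot be trusted for at least one requested operation."""

def build_request(certificate=None, client_public_key=None, key_format=None,
                  want_public_key=True):
    """Build the POST body; both operations may be grouped in one request."""
    body = {}
    if want_public_key:
        # {} asks for the default format; {"format": "PSS"} selects one.
        body["publicKey"] = {"format": key_format} if key_format else {}
    if certificate is not None:
        body["signedCertificate"] = {"certificate": certificate,
                                     "clientPublicKey": client_public_key}
    return body

def parse_response(raw, requested):
    """Return {operation: PEM string}; fail closed on any missing or failed entry."""
    try:
        reply = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise SignError("reply is not JSON") from exc
    if not isinstance(reply, dict):
        raise SignError("reply is not a JSON object")
    results = {}
    for op in requested:
        entry = reply.get(op)
        # Require the literal boolean true, not just a truthy value.
        if not isinstance(entry, dict) or entry.get("success") is not True:
            raise SignError(f"{op}: missing or unsuccessful")
        result = entry.get("result")
        if not isinstance(result, str) or not result.startswith("-----BEGIN"):
            raise SignError(f"{op}: result is not a PEM string")
        results[op] = result
    return results

# Constructed sample data: placeholders, not real keys or certificates.
SAMPLE_REQUEST = build_request("-----BEGIN CERTIFICATE-----\n...",
                               "-----BEGIN PUBLIC KEY-----\n...")
SAMPLE_OK = json.dumps({
    "publicKey": {"success": True, "result": "-----BEGIN PUBLIC KEY-----\n..."},
    "signedCertificate": {"success": True, "result": "-----BEGIN CERTIFICATE-----\n..."}})
# Assumed failure shape: the signing operation reports success = false.
SAMPLE_PARTIAL = json.dumps({
    "publicKey": {"success": True, "result": "-----BEGIN PUBLIC KEY-----\n..."},
    "signedCertificate": {"success": False}})
```

Checking each operation separately matters because the reply is aggregated: one entry can succeed while the other fails.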
### As a service
Use `Issuer::issue()` to sign certificates from a PHP application.
```php
use Proton\X509Sign\Issuer;
use phpseclib3\Crypt\RSA\PrivateKey;
use phpseclib3\Crypt\RSA\PublicKey;

$issuer = new Issuer();
$issuer->issue(
    PrivateKey::load('-----BEGIN...'),
    PublicKey::load('-----BEGIN...'),
    ['commonName' => 'foo'],
    ['commonName' => 'bar'],
    '9256',
);
```
## Config
Define environment variables to configure your server:
- `SIGNATURE_PRIVATE_KEY` PKCS1 string of the private signature key.
- `SIGNATURE_PRIVATE_KEY_PASSPHRASE` Passphrase/password of the private key.
- `EXTENSIONS` JSON representation of X509 extensions to support.