https://github.com/smallstep/scep
Go SCEP server
https://github.com/smallstep/scep
Last synced: 11 months ago
JSON representation
Go SCEP server
- Host: GitHub
- URL: https://github.com/smallstep/scep
- Owner: smallstep
- License: mit
- Created: 2023-03-22T21:05:08.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-18T23:12:41.000Z (12 months ago)
- Last Synced: 2025-03-30T02:04:15.580Z (11 months ago)
- Language: Go
- Homepage:
- Size: 372 KB
- Stars: 30
- Watchers: 9
- Forks: 8
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# scep
`scep` is a Golang implementation of the Simple Certificate Enrollment Protocol (SCEP).
This package started its life as part of [micromdm/scep](https://github.com/micromdm/scep).
The core SCEP protocol was extracted from it and is now being maintained by [smallstep](https://smallstep.com).
## Usage
```console
go get github.com/smallstep/scep
```
The package can be used for both client and server operations.
For detailed usage, see the [Go Reference](https://pkg.go.dev/github.com/smallstep/scep).
Example server:
```go
// read a request body containing SCEP message
body, err := ioutil.ReadAll(r.Body)
if err != nil {
// handle err
}
// parse the SCEP message
msg, err := scep.ParsePKIMessage(body)
if err != nil {
// handle err
}
// do something with msg
fmt.Println(msg.MessageType)
// extract encrypted pkiEnvelope
err := msg.DecryptPKIEnvelope(CAcert, CAkey)
if err != nil {
// handle err
}
// use the CSR from decrypted PKCS request and sign
// MyCSRSigner returns an *x509.Certificate here
crt, err := MyCSRSigner(msg.CSRReqMessage.CSR)
if err != nil {
// handle err
}
// create a CertRep message from the original
certRep, err := msg.Success(CAcert, CAkey, crt)
if err != nil {
// handle err
}
// send response back
// w is a http.ResponseWriter
w.Write(certRep.Raw)
```