1. 14 Dec, 2021 1 commit
  2. 12 Dec, 2021 4 commits
  3. 10 Dec, 2021 5 commits
  4. 09 Dec, 2021 4 commits
  5. 07 Dec, 2021 2 commits
  6. 01 Dec, 2021 1 commit
  7. 26 Nov, 2021 2 commits
  8. 25 Nov, 2021 1 commit
  9. 24 Nov, 2021 2 commits
  10. 19 Nov, 2021 2 commits
  11. 18 Nov, 2021 1 commit
  12. 17 Nov, 2021 7 commits
  13. 04 Nov, 2021 2 commits
    • Merge branch 'feature/pvs-ca' into 'develop' · 2a7323a1
      Alexander (asac) Sack authored
      add support for using x509 cert chains using x5c jws header to determine trust in pvr signatures
      
      See merge request !303
    • add support for using x509 cert chains using x5c jws header to determine trust in pvr signatures · 6de0935c
      Alexander (asac) Sack authored
      * introduce new --x5c argument pvr app sig command to provide the chain to include in pvr sig add and update commands
      * introduce --cacerts argument to pvr sig commands to allow to post a trust CACERTS file to use to validate in pvr app ls;
        using special value _system will use the system cert store to validate ca chain
      * pubkey validation now allows to have multiple trusted pubkeys in the file referenced by --pubkey
      * document this feature in README.md
      
      Example 1: "add signature with trust ca chain"
      
      Below statement injects the myKey.crt as the trust chain into the jws.
      If you have intermediates your .crt file would need to include those
      also in reverse order.
      
      ```
      pvr sig --x5c ../ca/myKey.crt --key ../ca/myKey.key add --part nginx
      ```
      
      Example 2: "update signatures with trustchain"
      
      Below will refresh the nginx.json signature and attach myKey.crt as
      the trust ca cert chain to validate against root certificates
      
      ```
      pvr sig --x5c ../ca/myKey.crt --key ../ca/myKey.key update _sigs/nginx.json
      ```
      
      Example 3: "validate signatures with cert pool in file"
      
      Below you can see how to validate signature with ca cert pool in file myCA.pem.
      
      ```
      pvr sig --cacerts ../ca/myCA.pem ls --part _sigs/nginx.json
      ```
      
      Example 4: use system ca cert pool to validate signature
      
      For this you have to put your myCA.pem into one of the system folders for
      trusted certificates, e.g. /etc/ssl/certs
      
      ```
      pvr sig ls --part _sigs/nginx.json
      ```
  14. 03 Nov, 2021 6 commits