Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    pkppublic

    Public Key Pen

    SYNOPSIS

    PKP helps you create, sign with and distribute public keys. It is designed to work in concert with PKS.

    MOTIVATION

    PKP is based on the work of SDSI, a simple distributed security infrastructure. PKP is meant to lower the technical barrier to using public key cryptography effectively. SDSI leverages Public-key cryptography which gives us the ability to sign data and to some degree, verify it origins.

    npm install pkp -g
    pkp config

    SIGNING

    Recursively hash the contents of a directory and produce a

    certificate.

    pkp init

    Hash the contents of a package, compare it with the hash found

    in the certificate as well as attempt to validate it's public key.

    pkp sign <package-name> [version]

    or

    pkp sign --remote git://github.com/hij1nx/pkp.git

    THIRD PARTY VERIFICATION

    The verify method tries to validate the certificates and their public keys found in a specified pacakge-name or remote.

    pkp verify <package-name> [version]

    PKI FILE SPECIFICATION

    A package should contain a pki.json file which includes an object literal with entries corresponding to each signed version of the package.

    {
      "0.0.1": {
        "principal": {
          "principal-at": "hij1nx@async.ly",
          "server-at": "10.0.0.1",
          "public-key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
        },
        "data": "7330651368657d5f711b5f15481949a9a30221b2",
        "algorithm": "sha1"
        "signatures": [
          {
            "principal": {
              "principal-at": "hij1nx@async.ly",
              "server-at": "10.0.0.1",
              "public-key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
            },
            "signature": {
              "data": "RjCojNv/oJMarme4zojP43rUKCoLADt2TQxOF2oOpEuOoSjD3uIGXa8raltUf7UNseTPXUFbktspgOaJ/z45C+uhOgdOrhAOgJudCT+22xsW1IG2LFmbnnEv865R5h6w38DYaFZK3BjddLR5IPrkoDHw+Pk5xr43npc/XU1BHxI7/xmNyi3ydm9DJ44WXwiQo7ypK5PbgNC+k6AN+XSFQm+sK1rH7w1d22J+jR48SHejNaXPyAkMEQDuEGu0v/gnT8GSh+GGPqJZNKg8QVbIXK5hDD7ztvHmU3w5hDlzWvUGMJ9OWUlNPrnc/swTW0PdO6C9OinXw7BjXVoJsjQk3g==",
              "algorithm": "sha1-base64"
            }
          }
        ]
      }
    }

    REFERENCES

    Non-repudiation in the Digital Environment http://firstmonday.org/ojs/index.php/fm/article/view/778/687

    Keywords

    none

    install

    npm i pkp

    Downloadslast 7 days

    0

    version

    0.0.2

    license

    none

    repository

    github.com

    last publish

    collaborators

    • avatar