A library/utility for Stateless DANE certificates (HIP-0017).
Warning: Not ready for production use. This project (and spec) is in early stages and subject to breaking changes.
In any case, a connection to an hsd node is required. Connection settings are read the same way hs-client reads them: from hsd.conf, environment variables and command-line arguments.
Install it globally: npm i -g stateless-dane
The CLI can generate new and inspect existing certificates:
    ❯ stateless-dane
    stateless-dane v0.0.1

    Usage:
      stateless-dane inspect-cert <filepath>
      stateless-dane generate <name> [--sign <true|false>] [--public-key <hex>]
      stateless-dane get-ext-data <name> [--parsed <true|false>]

    Options:
      --sign <bool>        whether to sign the certificate (default: true)
      --public-key <hex>   create a certificate with this public key (default: generated keypair)
      --parsed <bool>      whether to return parsed extension data (default: true)
      [all hsd client options like http-host, api-key, etc.]

    Examples:
      * Inspect an existing certificate:
        $ stateless-dane inspect-cert /tmp/cert.pem
      * Generate a new certificate for letsdane:
        $ stateless-dane generate letsdane
      * Only get raw extension data to be used by other cert issuers:
        $ stateless-dane get-ext-data letsdane --parsed false
Add it as a dependency with npm i stateless-dane and use it like this:
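    const {NodeClient} = require('hs-client');
    const {Network} = require('hsd');
    // Export name is an assumption, taken from the class used below
    const {StatelessDANECertificate} = require('stateless-dane');
    // Network choice is an assumption; use the one your hsd node runs on
    const network = Network.get('main');

    (async () => {
      // An hs-client node client
      const nodeClient = new NodeClient({
        port: network.rpcPort,
      });
      const name = 'some.domain';

      // Init a new certificate
      const cert = new StatelessDANECertificate(nodeClient, name);

      // Optionally, set keypair (else, will be generated)
      // cert.publicKey = Buffer...
      // cert.privateKey = Buffer...

      // Create and sign the certificate
      await cert.create();
      cert.sign();

      // Export as PEM
      console.log(cert.cert.toPEM());
    })().catch(console.error);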
Contributions are always welcome! However, please create an issue before starting any work so there won't be any repeated/wasted effort.
Thanks to:
- @buffrr for the HIP-17 spec
- @pinheadmz for handout