Lib.rs

Network programming
#client-server #rpc-client #mint #cdk #client-certificate #cli #managment

bin+lib cdk-mint-rpc

CDK mintd mint managment RPC client and server

by CDK Developers. Owned by Brendan Murphy.

2 releases

new 0.7.1 Feb 13, 2025
0.7.0 Feb 6, 2025

#3 in #mint

Download history 132/week @ 2025-02-05

132 downloads per month
Used in cdk-mintd

MIT license

330KB
7.5K SLoC

Cashu Mint Management RPC

This crate is a grpc client and server to control and manage a cdk mint. This crate exposes a server complnate that can be imported as library compontant, see its usage in cdk-mintd. The client can be used as a cli by running cargo r --bin cdk-mint-cli.

The server can be run with or without certificate authentication. For running with authentication follow the below steps to create certificates.

gRPC TLS Certificate Generation Guide

This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server.

Overview

The script generates the following certificates and keys:

  • Certificate Authority (CA) certificate and key
  • Server certificate and key
  • Client certificate and key

All certificates are generated in PEM format, which is commonly used in Unix/Linux systems.

Prerequisites

  • OpenSSL installed on your system
  • Bash shell environment

Generated Files

The script will create the following files:

  • ca.key - Certificate Authority private key
  • ca.pem - Certificate Authority certificate
  • server.key - Server private key
  • server.pem - Server certificate
  • client.key - Client private key
  • client.pem - Client certificate

Usage

  1. Save the script as generate_certs.sh
  2. Make it executable: 
    chmod +x generate_certs.sh
  3. Run the script: 
    ./generate_certs.sh

Certificate Details

Certificate Authority (CA)

  • 4096-bit RSA key
  • Valid for 365 days
  • Used to sign both server and client certificates

Server Certificate

  • 4096-bit RSA key
  • Valid for 365 days
  • Includes Subject Alternative Names (SAN):
    • DNS: localhost
    • DNS: my-server
    • IP: 127.0.0.1

Client Certificate

  • 4096-bit RSA key
  • Valid for 365 days
  • Used for client authentication

Verification

The script includes verification steps to ensure the certificates are properly generated:

# Verify server certificate
openssl verify -CAfile ca.pem server.pem

# Verify client certificate
openssl verify -CAfile ca.pem client.pem

Security Notes

  1. Keep private keys (*.key files) secure and never share them
  2. The CA certificate (ca.pem) needs to be distributed to both client and server
  3. Server needs:
    • server.key
    • server.pem
    • ca.pem
  4. Client needs:
    • client.key
    • client.pem
    • ca.pem

Dependencies

~37–51MB
~883K SLoC