#rest #edcert #security #revoke

edcert-restrevoke

A crate for a REST-based revoke infrastructure for Edcert Certificates

9 releases (stable)

Uses old Rust 2015

1.0.6 Oct 22, 2016
1.0.4 Apr 5, 2016
1.0.0 Mar 28, 2016
0.1.2 Mar 21, 2016

#268 in #rest

24 downloads per month

MIT license

13KB
134 lines

This is an implementation of a REST-style revoke infrastructure. The repository contains both the crate "edcert-restrevoke", which is the client implementation (written entirely in Rust), and a sample server implementation (found in revoke-server), which is a simple PHP script querying a MySQL database.

Design

The architecture is as follows: you can have multiple "clients", which all connect to one (or more) revoke-servers. The clients can query whether a certain public key has been revoked. The server will, e.g., query a database for public keys known to be revoked and send an appropriate response.

A public key, and therefore a certificate, will be revoked if the private key has been disclosed or the authenticity can't be guaranteed for some other reason.


lib.rs:

This crate defines a RestRevoker, a configurable revoke client which sends a request to the server via HTTP and parses the result as JSON. The server should return a JSON object with the key "revoked", whose value should be a boolean.
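
An added example, not code from this crate: one way a client could interpret the response described above so that anything other than a well-typed answer fails closed. The names `RevokeStatus`, `RevokeError`, `parse_revoked`, `interpret` and `key_is_usable` are hypothetical. Treating only HTTP 200 as an answer and accepting only the single-key object are assumptions.

```rust
// Added example, not part of edcert-restrevoke. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum RevokeStatus { NotRevoked, Revoked }

#[derive(Debug, PartialEq)]
pub enum RevokeError {
    HttpStatus(u16), // assumption: only HTTP 200 counts as an answer
    Malformed,       // body is not exactly {"revoked": <bool>}
}

/// Std-only strict parse. Accepts just the single-key object; a real client
/// would use a JSON library and apply the same type check to "revoked".
fn parse_revoked(body: &str) -> Option<bool> {
    let inner = body.trim().strip_prefix('{')?.strip_suffix('}')?;
    let (key, value) = inner.split_once(':')?;
    if key.trim() != "\"revoked\"" {
        return None;
    }
    match value.trim() {
        "true" => Some(true),
        "false" => Some(false),
        _ => None, // quoted "false", 0, null or trailing keys are rejected
    }
}

pub fn interpret(http_status: u16, body: &str) -> Result<RevokeStatus, RevokeError> {
    if http_status != 200 {
        return Err(RevokeError::HttpStatus(http_status));
    }
    match parse_revoked(body) {
        Some(true) => Ok(RevokeStatus::Revoked),
        Some(false) => Ok(RevokeStatus::NotRevoked),
        None => Err(RevokeError::Malformed),
    }
}

/// Fail closed: only an explicit, well-typed `false` makes the key usable.
pub fn key_is_usable(http_status: u16, body: &str) -> bool {
    matches!(interpret(http_status, body), Ok(RevokeStatus::NotRevoked))
}

fn main() {
    // Constructed sample responses.
    let samples = [(200u16, r#"{"revoked": false}"#), (200, r#"{"revoked": "false"}"#), (503, "")];
    for &(status, body) in samples.iter() {
        println!("{} {:?} -> usable: {}", status, body, key_is_usable(status, body));
    }
}
```

The string `"false"` is rejected on purpose: a client that coerces it to a boolean, or that treats a missing key or a server error as "not revoked", would accept a key whose revocation state is unknown.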

Dependencies

~24MB
~214K SLoC