google / certificate-transparency

Auditing for TLS certificates.
https://certificate.transparency.dev
Apache License 2.0

Validate signatures in Go client lib, add command line tool #1316

Closed daviddrysdale closed 8 years ago

daviddrysdale commented 8 years ago

Tested manually with:

```
% ./ctclient --pub_key ../cloud/keys/aviator.pem sth
2016-10-12 12:58:31.109 +0100 BST: Got STH for V1 log (size=33863470) at http://ct.googleapis.com/aviator, hash 49af642e46dbe6e7653a1e5100c9b41e59777414bbfe929c1963c7babec14b90
Signature: Hash=SHA256 Sign=ECDSA Value=3045022100f926ba5366c2a12d20df4bd6437c3bb89844698979c6334f175ae234e5834dc902200b102a52fdc865f623cdaefc48dc486edbc2c925f8ab9ea3fb16eecb67f05d69
% ./ctclient --pub_key ../cloud/keys/aviator.pem --cert_chain ~/giag2.pem upload
2016-07-03 12:22:29.331 +0100 BST: Uploaded chain of 1 certs to V1 log at http://ct.googleapis.com/aviator
Signature: Hash=SHA256 Sign=ECDSA Value=304502210094124c90401bd1b20b33542b0894e5b624d4a21aa9d713ba0193bdd233f778f00220276944d0d8877838e2ee1c1159585785727c1b6db7b8c614ec28f9304ef41e93
```

daviddrysdale commented 8 years ago

Drat, dunno how I missed that there was already signature verification code in there.

Other markups done too.
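
For readers following the `sth` output in the first comment (Hash=SHA256 Sign=ECDSA), this added example, which is not code from this PR or from the project's Go client, shows what a tree head signature check covers under RFC 6962 section 3.5: the signature is over a fixed 50-byte structure holding the version, signature type, timestamp, tree size and root hash. The names `STH`, `VerifySTH` and `demoSignedSTH` are hypothetical, and the key, timestamp and root hash are constructed; only the tree size is copied from the output above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// STH holds the fields covered by an RFC 6962 v1 tree head signature.
type STH struct {
	Timestamp uint64 // milliseconds since the Unix epoch
	TreeSize  uint64
	RootHash  [sha256.Size]byte
}

// digest hashes the 50-byte TreeHeadSignature structure that the log signs.
func (s STH) digest() []byte {
	b := make([]byte, 18, 50)
	b[1] = 1 // b[0] = 0 is Version v1; b[1] = 1 is SignatureType tree_hash
	binary.BigEndian.PutUint64(b[2:10], s.Timestamp)
	binary.BigEndian.PutUint64(b[10:18], s.TreeSize)
	d := sha256.Sum256(append(b, s.RootHash[:]...))
	return d[:]
}

// VerifySTH checks a DER-encoded ECDSA signature against the log's public key.
func VerifySTH(pub *ecdsa.PublicKey, s STH, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, s.digest(), sig)
}

// demoSignedSTH stands in for a log: constructed key, timestamp and root hash.
func demoSignedSTH() (*ecdsa.PublicKey, STH, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, STH{}, nil, err
	}
	sth := STH{Timestamp: 1476273511109, TreeSize: 33863470, RootHash: sha256.Sum256([]byte("constructed root"))}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, sth.digest())
	return &priv.PublicKey, sth, sig, err
}

func main() {
	pub, sth, sig, err := demoSignedSTH()
	fmt.Println("valid:", err == nil && VerifySTH(pub, sth, sig))
	sth.TreeSize++ // changing any signed field must invalidate the signature
	fmt.Println("tampered:", err == nil && VerifySTH(pub, sth, sig))
}
```

A client that skips this check has no assurance that the tree size and root hash it records came from the log rather than from whoever answered the HTTP request.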