Project author: seemenkina

Project description:
Multi-Party TSS-based Attestor for SPIRE
Language: Go
Repository: git://github.com/seemenkina/tss-lib-test.git
Created: 2020-03-23T16:12:18Z
Project page: https://github.com/seemenkina/tss-lib-test

License:


Multi-Party TSS-based Attestor for SPIRE

This repository contains agent and server plugins for SPIRE that allow Multi-Party TSS-based node attestation.

Quick Start

Before starting, create a running SPIRE deployment and add the following configuration to the agent and server:

Configuring the server plugin

https://github.com/spiffe/spire/blob/master/conf/server/server.conf

The server plugin configuration template is as below:

```hcl
plugins {
    NodeAttestor "tssNodeattestor" {
        plugin_cmd = "/path/to/plugin_cmd"
        plugin_checksum = "sha256 of the plugin binary"
        plugin_data {
            ca_bundle_path = "/path/to/trusted/CA/bundle"
        }
    }
    ...
```

| key | type | required | description |
|---|---|---|---|
| ca_bundle_path | string | yes | The path to the trusted CA bundle on disk. |

Configuring the agent plugin

https://github.com/spiffe/spire/blob/master/conf/agent/agent.conf

The agent plugin configuration template is as below:

```hcl
plugins {
    NodeAttestor "tssNodeattestor" {
        plugin_cmd = "/path/to/plugin_cmd"
        plugin_checksum = "sha256 of the plugin binary"
        plugin_data {
            certificate_path = "/path/to/certificate"
            intermediates_path = "/path/to/trusted/CA/bundle"
        }
    }
    ...
```

| key | type | required | description |
|---|---|---|---|
| certificate_path | string | yes | The path to the certificate on disk. |
| intermediates_path | string | no | Optional. The path to a chain of intermediate certificates on disk. |
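The three `plugin_data` keys above describe one X.509 relationship: the agent presents the certificate from `certificate_path` (plus any chain from `intermediates_path`), and the server accepts it only if it chains to a root in `ca_bundle_path`. The Go program below is an added example of that chain check, written for this page and not taken from the project's plugins; the function names `VerifyAgentCert` and `BuildTestChain`, and the root/intermediate/leaf certificates it generates in memory, are constructed for illustration. It covers only the certificate-chain part that the config keys imply, not the TSS protocol itself, which the README does not describe. It also shows the failure a practitioner hits when `intermediates_path` is omitted although the agent certificate was issued by an intermediate CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyAgentCert performs the X.509 chain check implied by the config keys:
// leafPEM is the agent's certificate_path, intermediatesPEM its optional
// intermediates_path (nil allowed), caBundlePEM the server's ca_bundle_path.
// It returns the verified chain (leaf first, root last) or an error.
func VerifyAgentCert(leafPEM, intermediatesPEM, caBundlePEM []byte) ([]*x509.Certificate, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caBundlePEM) {
		return nil, fmt.Errorf("ca bundle contains no parsable certificates")
	}
	inters := x509.NewCertPool()
	if len(intermediatesPEM) > 0 && !inters.AppendCertsFromPEM(intermediatesPEM) {
		return nil, fmt.Errorf("intermediates file contains no parsable certificates")
	}
	block, _ := pem.Decode(leafPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("agent certificate is not a PEM CERTIFICATE block")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	// The agent authenticates itself to the server, so require client auth.
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return nil, err
	}
	return chains[0], nil
}

// mkCert signs tmpl with parent/priv and returns the parsed cert plus its PEM.
func mkCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) (*x509.Certificate, []byte, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// BuildTestChain creates a constructed root -> intermediate -> agent leaf chain
// (test data only, not certificates produced by the project's certs/main.go).
func BuildTestChain() (leafPEM, interPEM, rootPEM []byte, err error) {
	keys := make([]*ecdsa.PrivateKey, 3)
	for i := range keys {
		if keys[i], err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return
		}
	}
	now := time.Now()
	ca := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		}
	}
	rootTmpl := ca(1, "test root")
	root, rootPEM, err := mkCert(rootTmpl, rootTmpl, &keys[0].PublicKey, keys[0])
	if err != nil {
		return
	}
	inter, interPEM, err := mkCert(ca(2, "test intermediate"), root, &keys[1].PublicKey, keys[0])
	if err != nil {
		return
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "spire-agent"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	_, leafPEM, err = mkCert(leafTmpl, inter, &keys[2].PublicKey, keys[1])
	return
}

func main() {
	leaf, inter, root, err := BuildTestChain()
	if err != nil {
		panic(err)
	}
	chain, err := VerifyAgentCert(leaf, inter, root)
	fmt.Println("with intermediates: chain length", len(chain), "err:", err)
	// Omitting intermediates_path leaves a gap between the leaf and the bundle.
	_, err = VerifyAgentCert(leaf, nil, root)
	fmt.Println("without intermediates: err:", err)
}
```

The first call succeeds with a three-certificate chain; the second fails with an "unknown authority" style error because the server's bundle holds only the root and nothing bridges the leaf to it. That is exactly the situation the optional `intermediates_path` exists for: put the intermediate CA certificates there on the agent rather than adding them to the server's `ca_bundle_path`, so the server's trust anchors stay limited to roots.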

Building

To build the agent or server plugin on macOS or a Unix-like system, run `go build .` in the corresponding directory.

Generate new certificate

To generate new certificates, delete the old ones in /tss-lib-test/data/... and then generate a new chain.

Then copy the generated certificates to the directories referenced by the SPIRE Agent or Server config. Do not delete the generated data from /tss-lib-test/data/... after copying!

```sh
rm ../data/agent_.../*
rm ../data/keyLib/key.json
go run certs/main.go
```