PKP helps you create, sign with and distribute public keys. It is designed
to work in concert with PKS.
MOTIVATION
PKP is based on the work of SDSI, a simple distributed security
infrastructure. PKP is meant to lower the technical barrier to using
public key cryptography effectively. SDSI leverages
Public-key cryptography which gives us the ability to sign data
and to some degree, verify it origins.
npm install pkp -g
pkp config
SIGNING
Recursively hash the contents of a directory and produce a
certificate.
pkp init
Hash the contents of a package, compare it with the hash found
in the certificate as well as attempt to validate it's public key.
pkp sign <package-name> [version]
or
pkp sign --remote git://github.com/hij1nx/pkp.git
THIRD PARTY VERIFICATION
The verify method tries to validate the certificates and their public
keys found in a specified pacakge-name or remote.
pkp verify <package-name> [version]
PKI FILE SPECIFICATION
A package should contain a pki.json file which includes an object literal
with entries corresponding to each signed version of the package.
{
"0.0.1":{
"principal":{
"principal-at":"hij1nx@async.ly",
"server-at":"10.0.0.1",
"public-key":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
"public-key":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"