
One-time auth key

Open RadionovM opened this issue 3 years ago • 0 comments

Is it possible to create a one-time auth key? That is, so that each client who wants to subscribe to the CFSSL server has its own unique password for authentication, which would be invalidated after receiving the certificate (in case of a password leak, so that another unwanted client could not request a certificate using this password).

As I understand it, I can create several signing profiles (each with its own password) for the estimated number of clients, but how can I make them one-time use, so that after signing their own client they cannot sign anyone else?

```json
{
   "auth_keys" : {
      "client1" : {
         "key" : "file:base1.key"
      },
      "client2" : {
         "key" : "file:base2.key"
      },
      ................
   },
   "signing" : {
      "profiles" : {
         "client1" : {
            "auth_key": "client1",
            "usages" : [.........]
         },
         "client2" : {
            "auth_key": "client2",
            "usages" : [........]
         },
         ......................................
      }
   }
}
```

RadionovM · May 05 '21 14:05
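As an added illustration of the per-client approach sketched in the issue (this is example code, not from the issue or from cfssl itself): a Go generator that gives every client its own random hex key and a signing profile bound to that key, plus a `revoke` step that drops both once the client holds its certificate, so a key that leaks afterwards is useless. It assumes cfssl's standard authenticator (`"type": "standard"` with a hex key) and that the operator restarts or reloads cfssl with the rewritten config; `buildConfig`, `revoke` and the struct names are this example's own, not cfssl's Go types.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
)

// Minimal mirror of cfssl's "auth_keys" and "signing.profiles" sections; the
// standard authenticator takes the key as hex (or "file:<path>" holding hex).
type authKey struct {
	Type string `json:"type"`
	Key  string `json:"key"`
}
type profile struct {
	AuthKey string   `json:"auth_key"`
	Usages  []string `json:"usages"`
}
type cfsslConfig struct {
	AuthKeys map[string]authKey `json:"auth_keys"`
	Signing  struct {
		Profiles map[string]profile `json:"profiles"`
	} `json:"signing"`
}

// buildConfig gives each client a fresh random 256-bit key and a profile bound
// to it, so a leaked key can only ever sign through that client's profile.
func buildConfig(clients []string) *cfsslConfig {
	cfg := &cfsslConfig{AuthKeys: map[string]authKey{}}
	cfg.Signing.Profiles = map[string]profile{}
	for _, c := range clients {
		b := make([]byte, 32)
		if _, err := rand.Read(b); err != nil {
			panic(err) // no usable randomness: refuse to emit weak keys
		}
		cfg.AuthKeys[c] = authKey{Type: "standard", Key: hex.EncodeToString(b)}
		cfg.Signing.Profiles[c] = profile{AuthKey: c, Usages: []string{"client auth"}}
	}
	return cfg
}

// revoke drops a client's key and profile once it holds its certificate; after
// cfssl reloads the rewritten config (assumed operator step) the key is dead.
func revoke(cfg *cfsslConfig, client string) bool {
	_, ok := cfg.AuthKeys[client]
	delete(cfg.AuthKeys, client)
	delete(cfg.Signing.Profiles, client)
	return ok
}
```

Marshal the returned struct with `encoding/json` to produce the config file, and hand each client only its own key out of band; the per-client `auth_keys` entries are what let you remove one client's credential without touching the others.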