
Client and server reimplementation of CloudFlare's Keyless

go-keyless: a client for https://github.com/cloudflare/keyless

My goal at the moment is just to implement the functionality required for 'testclient' to run. Injecting into crypto/tls is a larger, different project.

To play with:

Download and build keyless. At the time of writing, Go couldn't talk to a keyless server at all: crypto/tls didn't support ECDHE-ECDSA-AES256-GCM-SHA384 or ECDHE-RSA-AES256-GCM-SHA384, the only two cipher suites keyless accepts. (Later Go releases added both suites to crypto/tls.) To play with this client on an older Go, patch your local keyless to accept more cipher suites; the easiest substitution is ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 (256 -> 128, 384 -> 256).

Start the keyless demo server

keyless$ make run PORT=2047

Run the test client, pointing it at the test certificates that ship with keyless (below, $KEYLESS is the path to your keyless checkout). It runs a few Pings(), a Decrypt(), and a Sign().

testclient$ go run main.go -server=localhost -port=2047 \
    -client-cert=$KEYLESS/testing/client-cert/ecdsa/ecdsa-client.pem \
    -client-key=$KEYLESS/testing/client-cert/ecdsa/ecdsa-client-key.pem \
    -ca-file=$KEYLESS/testing/CAs/testca-keyserver.pem \
    -private-key=$KEYLESS/testing/keys/private.key
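The cipher-suite mismatch behind the patching step above, reproduced in Go as an added example (this is not code from go-keyless or from keyless). It stands up an in-process mutual-TLS server, the same shape as the keyless server (client certificate required, a fixed accepted-suite list), and runs a client that offers only the two AES128-GCM suites against it. Instead of the certificates under testing/ it generates throwaway self-signed ECDSA certificates in code; Handshake, ShippedSuites and PatchedSuites are names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// ShippedSuites is what the README says keyless accepts as shipped;
// PatchedSuites is the 256->128 / 384->256 substitution it suggests.
var (
	ShippedSuites = []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	}
	PatchedSuites = []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	}
)

// selfSignedCert builds a throwaway self-signed ECDSA certificate valid for
// "localhost" as both server and client (constructed for this example only).
func selfSignedCert(cn string) (tls.Certificate, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced; parsing cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf
}

// Handshake runs one mutually authenticated handshake between an in-process
// server that accepts only serverSuites and a client offering only clientSuites,
// and returns the negotiated suite. TLS 1.2 is pinned on both ends because Go's
// TLS 1.3 ignores CipherSuites, which would hide the mismatch.
func Handshake(serverSuites, clientSuites []uint16) (uint16, error) {
	srvCert, srvLeaf := selfSignedCert("keyserver")
	cliCert, cliLeaf := selfSignedCert("keyless-client")
	clientCAs, serverCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(cliLeaf) // what keyless' --ca-file-style trust split looks like
	serverCAs.AddCert(srvLeaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{srvCert},
		ClientAuth:   tls.RequireAndVerifyClientCert, // keyless insists on a client cert
		ClientCAs:    clientCAs,
		CipherSuites: serverSuites,
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake() // a failure reaches the client as a TLS alert
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{cliCert},
		RootCAs:      serverCAs,
		ServerName:   "localhost",
		CipherSuites: clientSuites,
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().CipherSuite, nil
}
```

Handshake(ShippedSuites, PatchedSuites) fails with a handshake_failure alert (no suite in common), and Handshake(PatchedSuites, PatchedSuites) negotiates TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, the only AES128 suite an ECDSA server certificate can use; tls.CipherSuiteName turns the returned id into that string. With a current Go, leaving CipherSuites nil on the client would negotiate the AES256-GCM suites without any patch.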

There's also a sample server included in cmd/server.