| .eslintrc.js |
|
401 |
| crtshToIdentifyingStruct |
|
|
| dumpGoogleRoots.js |
|
2981 |
| genRootCAHashes.js |
/\n" +
"/* This is an automatically generated file. If you're not |
8870 |
| KnownRootHashes.json |
|
25226 |
| log_list.json |
|
32051 |
| log_list_pubkey.pem |
|
800 |
| mach_commands.py |
Run the given module (pycert, pykey, etc.) on the given
file. |
4248 |
| PreloadedHPKPins.json |
|
13283 |
| pycert.py |
Reads a certificate specification from stdin or a file and outputs a
signed x509 certificate with the desired properties.
The input format is as follows:
issuer:<issuer distinguished name specification>
subject:<subject distinguished name specification>
[version:{1,2,3,4}]
[validity:<YYYYMMDD-YYYYMMDD|duration in days>]
[issuerKey:<key specification>]
[subjectKey:<key specification>]
[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption,
md5WithRSAEncryption,ecdsaWithSHA256,ecdsaWithSHA384,
ecdsaWithSHA512}]
[serialNumber:<integer in the interval [1, 127]>]
[extension:<extension name:<extension-specific data>>]
[...]
Known extensions are:
basicConstraints:[cA],[pathLenConstraint]
keyUsage:[digitalSignature,nonRepudiation,keyEncipherment,
dataEncipherment,keyAgreement,keyCertSign,cRLSign]
extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection
nsSGC, # Netscape Server Gated Crypto
OCSPSigning,timeStamping]
subjectAlternativeName:[<dNSName|directoryName|"ip4:"iPV4Address>,...]
authorityInformationAccess:<OCSP URI>
certificatePolicies:[<policy OID>,...]
nameConstraints:{permitted,excluded}:[<dNSName|directoryName>,...]
nsCertType:sslServer
TLSFeature:[<TLSFeature>,...]
embeddedSCTList:[<key specification>:<YYYYMMDD>,...]
delegationUsage:
Where:
[] indicates an optional field or component of a field
<> indicates a required component of a field
{} indicates a choice of exactly one value among a set of values
[a,b,c] indicates a list of potential values, of which zero or more
may be used
For instance, the version field is optional. However, if it is
specified, it must have exactly one value from the set {1,2,3,4}.
Most fields have reasonable default values. By default one shared RSA
key is used for all signatures and subject public key information
fields. Using "issuerKey:<key specification>" or
"subjectKey:<key specification>" causes a different key be used for
signing or as the subject public key information field, respectively.
See pykey.py for the list of available specifications.
The signature algorithm is sha256WithRSAEncryption by default.
The validity period may be specified as either concrete notBefore and
notAfter values or as a validity period centered around 'now'. For the
latter, this will result in a notBefore of 'now' - duration/2 and a
notAfter of 'now' + duration/2.
Issuer and subject distinguished name specifications are of the form
'[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST
(state or province name), L (locality name), O (organization name), OU
(organizational unit name), CN (common name) and emailAddress (email
address) are currently supported. The optional stringEncoding field may
be 'utf8String' or 'printableString'. If the given string does not
contain a '/', it is assumed to represent a common name. If an empty
string is provided, then an empty distinguished name is returned.
DirectoryNames also use this format. When specifying a directoryName in
a nameConstraints extension, the implicit form may not be used.
If an extension name has '[critical]' after it, it will be marked as
critical. Otherwise (by default), it will not be marked as critical.
TLSFeature values can either consist of a named value (currently only
'OCSPMustStaple' which corresponds to status_request) or a numeric TLS
feature value (see rfc7633 for more information).
If a serial number is not explicitly specified, it is automatically
generated based on the contents of the certificate.
|
32429 |
| pycms.py |
Reads a specification from stdin and outputs a PKCS7 (CMS) message with
the desired properties.
The specification format is as follows:
sha1:<hex string>
sha256:<hex string>
signer:
<pycert specification>
Eith or both of sha1 and sha256 may be specified. The value of
each hash directive is what will be put in the messageDigest
attribute of the SignerInfo that corresponds to the signature
algorithm defined by the hash algorithm and key type of the
default key. Together, these comprise the signerInfos field of
the SignedData. If neither hash is specified, the signerInfos
will be an empty SET (i.e. there will be no actual signature
information).
The certificate specification must come last.
|
8743 |
| pyct.py |
Helper library for creating a Signed Certificate Timestamp given the
details of a signing key, when to sign, and the certificate data to
sign. See RFC 6962.
When run with an output file-like object and a path to a file containing
a specification, creates an SCT from the given information and writes it
to the output object. The specification is as follows:
timestamp:<YYYYMMDD>
[key:<key specification>]
[tamper]
certificate:
<certificate specification>
Where:
[] indicates an optional field or component of a field
<> indicates a required component of a field
By default, the "default" key is used (logs are essentially identified
by key). Other keys known to pykey can be specified.
The certificate specification must come last.
|
7084 |
| pykey.py |
Reads a key specification from stdin or a file and outputs a
PKCS #8 file representing the (private) key. Also provides
methods for signing data and representing the key as a subject
public key info for use with pyasn1.
The key specification format is as follows:
default: a 2048-bit RSA key
alternate: a different 2048-bit RSA key
ev: a 2048-bit RSA key that, when combined with the right pycert
specification, results in a certificate that is enabled for
extended validation in debug Firefox (see ExtendedValidation.cpp).
evRSA2040: a 2040-bit RSA key that, when combined with the right pycert
specification, results in a certificate that is enabled for
extended validation in debug Firefox.
rsa2040: a 2040-bit RSA key
rsa1024: a 1024-bit RSA key
rsa1016: a 1016-bit RSA key
secp256k1: an ECC key on the curve secp256k1
secp244r1: an ECC key on the curve secp244r1
secp256r1: an ECC key on the curve secp256r1
secp384r1: an ECC key on the curve secp384r1
secp521r1: an ECC key on the curve secp521r1
|
40464 |
| pypkcs12.py |
Reads a specification from stdin or a file and outputs a PKCS12
file with the desired properties.
The input format currently consists of a pycert certificate
specification (see pycert.py).
Currently, keys other than the default key are not supported.
The password that is used to encrypt and authenticate the file
is "password".
|
3497 |