boulder/tools/nameid
Phil Porada b15e54db2b
Add nameid tool (#7586)
Adds a nameid tool to the boulder tools directory for SRE use. The
existing local and GitHub CI framework correctly catches build failures
of this directory.

Examples of usage:
```
$ go run ./tools/nameid/nameid.go test/certs/webpki/int-ecdsa-c.cert.pem test/certs/webpki/int-rsa-a.cert.pem 
test/certs/webpki/int-ecdsa-c.cert.pem: 56560759852043581
test/certs/webpki/int-rsa-a.cert.pem: 29947985078257530

$ go run ./tools/nameid/nameid.go -s test/certs/webpki/int-ecdsa-c.cert.pem test/certs/webpki/int-rsa-a.cert.pem 
56560759852043581
29947985078257530
```

Fixes https://github.com/letsencrypt/boulder/issues/7469
2024-07-12 13:08:05 -04:00
README.md Add nameid tool (#7586) 2024-07-12 13:08:05 -04:00
nameid.go Add nameid tool (#7586) 2024-07-12 13:08:05 -04:00

README.md

Overview

The nameid tool displays a statistically unique small ID which can be computed from both CA and end-entity certs to link them together into a validation chain. It is computed as a truncated hash over the issuer Subject Name bytes. It should only be used on issuer certificates, e.g. when the CA boolean is asserted, which in the //crypto/x509 Certificate struct is IsCA: true.

For implementation details, please see the //issuance package.
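The following added sketch (not Boulder's code) shows how a hash over the issuer's Name bytes gives the same ID from the CA certificate's Subject and from the Issuer field of a certificate it signed, and how a non-CA certificate is refused. The page only says "truncated hash"; SHA-1 cut to 7 bytes is an assumption here, and the function names and the in-memory chain are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// truncatedHash maps Name bytes to a small ID. ASSUMPTION (not on the page): SHA-1, first 7 bytes, big-endian.
func truncatedHash(name []byte) int64 {
	sum := sha1.Sum(name)
	return new(big.Int).SetBytes(sum[:7]).Int64()
}

// issuerNameID hashes a CA certificate's own Subject and refuses non-CA input.
func issuerNameID(c *x509.Certificate) (int64, error) {
	if !c.IsCA {
		return 0, fmt.Errorf("%q is not an issuer certificate: IsCA is false", c.Subject.CommonName)
	}
	return truncatedHash(c.RawSubject), nil
}

func must[T any](v T, err error) T { // panics on error; inputs here are built in-process
	if err != nil {
		panic(err)
	}
	return v
}

// constructedChain returns a throwaway CA and a leaf it signed (constructed sample data).
func constructedChain() (ca, leaf *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	t.Subject, t.IsCA, t.BasicConstraintsValid = pkix.Name{CommonName: "Constructed Test CA"}, true, true
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, &t, &t, &key.PublicKey, key))))
	t.SerialNumber, t.Subject, t.IsCA, t.BasicConstraintsValid = big.NewInt(2), pkix.Name{CommonName: "leaf.example"}, false, false
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, &t, ca, &key.PublicKey, key))))
	return ca, leaf
}

func main() {
	ca, leaf := constructedChain()
	fmt.Println(truncatedHash(ca.RawSubject), truncatedHash(leaf.RawIssuer)) // equal: both hash the CA's Name bytes
}
```

Hashing a leaf's own Subject instead of its Issuer would produce an ID that matches no issuer, which is why the guard on IsCA matters.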

Usage

```
# Display help
go run ./tools/nameid/nameid.go -h

# Output the certificate path and nameid, one per line
go run ./tools/nameid/nameid.go /path/to/cert1.pem /path/to/cert2.pem ...

# Output just the nameid, one per line
go run ./tools/nameid/nameid.go -s /path/to/cert1.pem /path/to/cert2.pem ...
```