0.0.2 • Published 12 years ago

pkp v0.0.2


Public Key Infrastructure for Packages

SYNOPSIS

This is a specification and implementation that leverages Public Key Infrastructure to build trust networks for distributed software.

npm install pkp -g
pkp config

SIGNING

Prepare a package for signing

pkp init

Sign a package

pkp sign <package-name>

or

pkp sign --remote git://github.com/hij1nx/pkp.git

THIRD PARTY VERIFICATION

The verify method iterates through the signatures and validates that each one was in fact produced with the private key that corresponds to the public key provided.

pkp verify [version]

PKI FILE SPECIFICATION

A package should contain a pki.json file which includes an object literal with entries corresponding to each signed version of the package. The file should include the following fields.

author

Extracted from the package.json. This is used to alert the user making the request that a signing has been successful.

key

The public key of the user making the request.

sha1

A sha1 hash of the codebase to be signed.

signatures

An array of object literals representing successful signings that can be verified using pkp.

{
  "0.0.1": {
    "principal": {
      "principal-at": "hij1nx@async.ly",
      "server-at": "10.0.0.1",
      "public-key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
    },
    "data": "7330651368657d5f711b5f15481949a9a30221b2",
    "type": "sha1",
    "signatures": [
      {
        "principal": {
          "principal-at": "hij1nx@async.ly",
          "server-at": "10.0.0.1",
          "public-key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAwIB6PV4gYy1X47zQllmke+KGYdXFH1xyrO0q4DZw3OBHr187xZWn81LWI6av\nyIhW+XDeVYuAud1+VqnsvsBASD19qc2xXiZ21cHdSfB1N2nSHBBHB2e+ubhDEN9PbhAcO+BK\ngr8E0/ucGy5thM70KZpVuJGXZJWABzlrin/Q3xyk/46OFQNj5DXjmSfSoWcs76TknAkttz0N\nc4QK3buByERNeWOjJsZjTj5w8StVpwfc2Ut3wUIoks/8w+nwqiAW1tHVoCjcol8fHIvRiiNH\n1bYS+ZkBgb0RUKzQkl+l8o6IfFzhSnvt9g+E5aVOgzJs/O2RdwjpHpVsfwh74pM8qwIDAQAB\n-----END RSA PUBLIC KEY-----\n\n"
        },
        "signature": {
          "data": "RjCojNv/oJMarme4zojP43rUKCoLADt2TQxOF2oOpEuOoSjD3uIGXa8raltUf7UNseTPXUFbktspgOaJ/z45C+uhOgdOrhAOgJudCT+22xsW1IG2LFmbnnEv865R5h6w38DYaFZK3BjddLR5IPrkoDHw+Pk5xr43npc/XU1BHxI7/xmNyi3ydm9DJ44WXwiQo7ypK5PbgNC+k6AN+XSFQm+sK1rH7w1d22J+jR48SHejNaXPyAkMEQDuEGu0v/gnT8GSh+GGPqJZNKg8QVbIXK5hDD7ztvHmU3w5hDlzWvUGMJ9OWUlNPrnc/swTW0PdO6C9OinXw7BjXVoJsjQk3g==",
          "type": "sha1-base64"
        }
      }
    ]
  }
}