Bootstrapping a new root of trust 🌐


Peer-PKI-Root - Researching the future of webpki

Project highlights

The Peer-PKI-Root project is a decentralized, peer-to-peer Public Key Infrastructure (PKI) root designed to address the need for a community-driven root of trust. It targets developers and organizations interested in enhancing their security posture by establishing a trust model independent of traditional centralized Certificate Authorities (CAs). The project enables the creation, management, and validation of PKI structures without relying on third-party CAs, addressing the issues of centralization and vendor lock-in in the realm of digital certificates.

Features

  • Peer-to-peer decentralized PKI management.
  • Self-sovereign identity management.
  • Certificate issuance and revocation functionality.
  • Support for standard X.509 certificates.
  • Implementation of secure trust delegation between peers.
  • Transparency, integrity, and decentralization in certificate management.

How to install

To install and run the Peer-PKI-Root tool:

  1. Clone the repository:
    git clone 
    
  2. Build the project and its dependencies:
    cargo build
    
  3. Set up any required environment variables and configure local settings as needed.

Usage Example

To issue a new certificate using the CLI:

    new-assertion --tls-pem p256.pub --ens zombo.erh --dns Zombi --ip4 198.51.100.60
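
An added pre-flight check for the key file passed as `--tls-pem` above (example code, not part of the Peer-PKI-Root code base): it rejects anything that is not a well-formed, on-curve P-256 public key and returns a SHA-256 fingerprint to record alongside the assertion. It assumes the file is a PEM `PUBLIC KEY` block holding an uncompressed NIST P-256 point, which the page does not state; `check_p256_spki_pem` and `sample_pem` are names made up for this example, and the sample key is constructed from the curve's base point.

```python
import base64
import hashlib

# NIST P-256 (secp256r1) domain parameters; the curve coefficient a is -3.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# DER header of a SubjectPublicKeyInfo holding an uncompressed P-256 point:
# SEQUENCE { SEQUENCE { id-ecPublicKey, prime256v1 }, BIT STRING (66 bytes) }
SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")


def check_p256_spki_pem(pem: str) -> str:
    """Return the SHA-256 fingerprint of the DER key, or raise ValueError."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----"
            or lines[-1] != "-----END PUBLIC KEY-----"):
        raise ValueError("not a PEM 'PUBLIC KEY' block")
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if len(der) != len(SPKI_PREFIX) + 65 or not der.startswith(SPKI_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    point = der[len(SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("only uncompressed points are accepted")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate out of field range")
    # Curve equation: y^2 = x^3 - 3x + b (mod p)
    if (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return hashlib.sha256(der).hexdigest()


def sample_pem(y_delta: int = 0) -> str:
    """Constructed sample: the base point G (private scalar 1, never a real key)."""
    gx = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
    gy = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
    der = SPKI_PREFIX + b"\x04" + gx.to_bytes(32, "big") + (gy + y_delta).to_bytes(32, "big")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"


if __name__ == "__main__":
    print("fingerprint:", check_p256_spki_pem(sample_pem()))
```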

To revoke an existing certificate:

TBD

Documentation

For detailed documentation, including configuration options and advanced usage, please refer to the [official GitHub repos

Dependencies

  • IC
  • ENS
  • TEE
  • OpenSSL
  • Additional Python libraries specified in requirements.txt

Ensure you are using the correct versions of dependencies to avoid compatibility issues.

License

The project is licensed under the MIT License, allowing for permissive use, modification, and distribution. For more details, please refer to the LICENSE file in the repository.

Resources

Future Plans

Future development plans include:

  • Enhancing support for additional certificate formats.
  • Implementing multi-platform compatibility.
  • Integration with popular cryptographic libraries.
  • Attending security conferences to present the project and engage with the community.