Skip to content
/ credential-manager Public

Credential and Identity management script for Constitutional Committee memebrs backed by X.509 certificates

credential-manager.readthedocs.io/en/latest/

License

Apache-2.0 license
2 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

IntersectMBO/credential-manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

121 Commits
credential-manager
credential-manager
 
 
doc/read-the-docs-site
doc/read-the-docs-site
 
 
example-certificates
example-certificates
 
 
nix
nix
 
 
reactive-banana-gi-gtk
reactive-banana-gi-gtk
 
 
testnet
testnet
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.hlint.yaml
.hlint.yaml
 
 
.readthedocs.yml
.readthedocs.yml
 
 
CHANGELOG
CHANGELOG
 
 
CODEOWNERS
CODEOWNERS
 
 
CODE_OF_CONDUCT
CODE_OF_CONDUCT
 
 
CONTRIBUTING
CONTRIBUTING
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
cabal.project
cabal.project
 
 
coldMint.hash
coldMint.hash
 
 
coldMint.keyhash
coldMint.keyhash
 
 
coldMint.native
coldMint.native
 
 
coldMint.skey
coldMint.skey
 
 
coldMint.vkey
coldMint.vkey
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
fourmolu.yaml
fourmolu.yaml
 
 
hie.yaml
hie.yaml
 
 
hotMint.skey
hotMint.skey
 
 
hotMint.vkey
hotMint.vkey
 
 
install-cc-sign-mac-os.sh
install-cc-sign-mac-os.sh
 
 
install-cc-sign-windows.ps1
install-cc-sign-windows.ps1
 
 
mint.plutus.template
mint.plutus.template
 
 
scriv.ini
scriv.ini
 
 

Repository files navigation

Constitutional Committee Credential Management System

Documentation Status Hydra Status (Intel Linux) Hydra Status (Intel Mac OS) Hydra Status (M1 Mac OS)

The Constitutional Committee Credential Management System is a suite of Plutus scripts and tools for managing Cardano constitutional committee credentials with an X.509 certificate chain. It provides the following features:

  • Separation of capabilities between user roles
  • Multi-signature authorization of on-chain governance transactions
  • Key rotation without modifying registered committee credentials
  • Publicly verifiable authorization of on-chain activity via certificates

Installing the cc-sign tool

The cc-sign tool is a simplified CLI tool for signing transaction with encrypted openssl private keys. Installation instructions are listed per system below:

Prerequisites

You must have openssl installed to use this tool.

Via Nix

nix profile install github:IntersectMBO/credential-manager#cc-sign

MacOS (Non-nix)

Open a terminal window and run the following command:

sudo /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/IntersectMBO/credential-manager/main/install-cc-sign-mac-os.sh)"

Note that the use of sudo will require you to enter your password (your user account password, not your private key pass phrase).

Windows

Open a PowerShell window and run the following commands:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Invoke-RestMethod -Uri https://raw.githubusercontent.com/IntersectMBO/credential-manager/main/install-cc-sign-windows.ps1 | Invoke-Expression

Linux (Non-nix, x64)

Download the executable from https://github.com/IntersectMBO/credential-manager/releases/download/0.1.1.0/cc-sign-linux-x64 and put it in a directory in your PATH (e.g. /usr/local/bin or /usr/bin).

Using the cc-sign tool

Before you use the tool, you need to have downloaded the tx body file that needs signing to a known location.

To use cc-sign, open a new terminal window (or PowerShell on Windows). The command has the following usage pattern:

cc-sign --private-key-file PRIVATE_KEY_FILE --tx-body-file TX_BODY_FILE --out-file FILE_TO_WRITE_WITNESS_TO

The three files (written in all-caps) you need to provide are:

  1. PRIVATE_KEY_FILE replace this with the filepath of your (encrypted) private key file (e.g. ~/private-keys/my-key.private)
  2. TX_BODY_FILE replace this with the filepath where you saved the tx body file (e.g. ~/Downloads/my-tx.body) [!TIP] If you downloaded this file from a web browser (e.g. a Gmail attachment) or from slack, it will likely be in ~/Downloads on MacOS or Linux and C:\Users\Your Name\Downloads on Windows.
  3. FILE_TO_WRITE_WITNESS_TO this is the file path where the resulting witness will be saved (e.g. ~/my-tx.witness) [!TIP] It is a good idea to give the witness file a name that associates it with A) who signed it and B) the transaction. For example, if your name is John Doe and the tx body file you signed was my-tx.body then name the file my-tx-john-doe.witness.

The tool will first prompt you to enter the pass phrase for your private key file in order to decrypt it. Type the password and hit Enter/return. It will then print a sequence of summary items that describes what the transaction does and prompt you to confirm each one. To confirm, type the letter y and hit enter/return. Finally it will prompt you if you want to sign. Type y once more and hit enter and it will write your signature to the file you provided for the --out-file argument. Send this witness file back to the orchestrator who sent you the transaction.

Documentation

User manual: https://credential-manager.readthedocs.io

About

Credential and Identity management script for Constitutional Committee memebrs backed by X.509 certificates

credential-manager.readthedocs.io/en/latest/

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases 1

0.1.1.0 Latest
Sep 4, 2024

Contributors 6

Languages