camanager


Namecamanager JSON
Version 0.2.5 PyPI version JSON
download
home_pagehttps://github.com/mneitsabes/camanager
SummaryCertificate Authority Manager
upload_time2023-01-30 19:13:35
maintainer
docs_urlNone
authormneitsabes
requires_python>=3.6
license
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            
CAManager stands for Certificate Authority Manager. With to this tool, you can :

- list and view the metadata of all your certificates
- generate a new certificate
- sign a Certificate Signing Request
- export a certificate in PEM or PCKS#12 format (.p12)
- renew a certificate
- make a backup or a restore of the CA vault


# Installation

    pip3 install camanager

# Security

- If you generate a certificate with the tool, the private key is kept in the vault
- The vault is a SQLite3 DB, all private keys are encrypted with AES-256. The master key is encrypted with a derived password of the user (PBKDF2-SHA512) 
- Passwords are requested via secure input
- No network communication

# Initial setup for the first usage

This tool doesn't generate the Certificate Authority. You must already have one or generate a new one 
([step by step guide](CREATE_CA.md)).

Once you have the Certificate Authority private and public keys, run `camanager setup`:

    $ python -m camanager setup
    Enter the password that will be used to encrypt the CA vault : [secure input, nothing will appear]
    Confirm it : [same]
    Paste your CA certificate in PEM format :
    [paste here]
    Paste your CA key in PEM format :
    [paste here]
    The vault has been successfully created.

The tool verifies that the keys match. If the private key is encrypted using a passphrase, you will be prompted for it.

The vault is saved in the "ca.vault" file of the directory you are in. You must therefore run `camanager` each time 
from the same directory if you want to use the same vault.

# Usage

You can still provide information via arguments. If information is missing, an interactive prompt will occur.

## Backup the vault

    python -m camanager backup

## Restore a backup vault

    python -m camanager restore

## List certificates

    python -m camanager [--all | --soon-expired]

- `--all` : show also the revoked/expired/renewed certificates
- `--soon-expired` : show only soon expired (less than 1 month) certificates

## Generate a new certificate

**Warning :** normally, a certificate is generated on the server and a Certificate Signing Request is generated for 
the CA.

    python -m camanager --newcert [--cn CN] [--san SAN] [--keysize <1024|2048|4096>] [--hash <sha1|sha256|sha512>]

- `--cn` : the Command Name
- `--san` : the Subject Alternative Name
- `--keysize` : the keysize : 2014, 2048 or 4096
- `--hash` : the hash algorithm : sha1, sha256 or sha512

## Sign a CSR

    python -m camanager --sign [--cn CN] [--san SAN] [csr_file]

- `--cn` : the overridden Command Name
- `--san` : the overridden  Subject Alternative Name
- `csr_file` : the Certificate Signin Request file

## Export

    python -m camanager --export --pem|--p12 [--out output_file] [certificate CN or ID]

- `--pem` or `--p12` : the output format
- `--out` : the output file
- `certificate CN or ID` : the Common Name or certificate ID that you want to export

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/mneitsabes/camanager",
    "name": "camanager",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.6",
    "maintainer_email": "",
    "keywords": "",
    "author": "mneitsabes",
    "author_email": "",
    "download_url": "https://files.pythonhosted.org/packages/13/44/787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a/camanager-0.2.5.tar.gz",
    "platform": null,
    "description": "\r\nCAManager stands for Certificate Authority Manager. With to this tool, you can :\r\n\r\n- list and view the metadata of all your certificates\r\n- generate a new certificate\r\n- sign a Certificate Signing Request\r\n- export a certificate in PEM or PCKS#12 format (.p12)\r\n- renew a certificate\r\n- make a backup or a restore of the CA vault\r\n\r\n\r\n# Installation\r\n\r\n    pip3 install camanager\r\n\r\n# Security\r\n\r\n- If you generate a certificate with the tool, the private key is kept in the vault\r\n- The vault is a SQLite3 DB, all private keys are encrypted with AES-256. The master key is encrypted with a derived password of the user (PBKDF2-SHA512) \r\n- Passwords are requested via secure input\r\n- No network communication\r\n\r\n# Initial setup for the first usage\r\n\r\nThis tool doesn't generate the Certificate Authority. You must already have one or generate a new one \r\n([step by step guide](CREATE_CA.md)).\r\n\r\nOnce you have the Certificate Authority private and public keys, run `camanager setup`:\r\n\r\n    $ python -m camanager setup\r\n    Enter the password that will be used to encrypt the CA vault : [secure input, nothing will appear]\r\n    Confirm it : [same]\r\n    Paste your CA certificate in PEM format :\r\n    [paste here]\r\n    Paste your CA key in PEM format :\r\n    [paste here]\r\n    The vault has been successfully created.\r\n\r\nThe tool verifies that the keys match. If the private key is encrypted using a passphrase, you will be prompted for it.\r\n\r\nThe vault is saved in the \"ca.vault\" file of the directory you are in. You must therefore run `camanager` each time \r\nfrom the same directory if you want to use the same vault.\r\n\r\n# Usage\r\n\r\nYou can still provide information via arguments. If information is missing, an interactive prompt will occur.\r\n\r\n## Backup the vault\r\n\r\n    python -m camanager backup\r\n\r\n## Restore a backup vault\r\n\r\n    python -m camanager restore\r\n\r\n## List certificates\r\n\r\n    python -m camanager [--all | --soon-expired]\r\n\r\n- `--all` : show also the revoked/expired/renewed certificates\r\n- `--soon-expired` : show only soon expired (less than 1 month) certificates\r\n\r\n## Generate a new certificate\r\n\r\n**Warning :** normally, a certificate is generated on the server and a Certificate Signing Request is generated for \r\nthe CA.\r\n\r\n    python -m camanager --newcert [--cn CN] [--san SAN] [--keysize <1024|2048|4096>] [--hash <sha1|sha256|sha512>]\r\n\r\n- `--cn` : the Command Name\r\n- `--san` : the Subject Alternative Name\r\n- `--keysize` : the keysize : 2014, 2048 or 4096\r\n- `--hash` : the hash algorithm : sha1, sha256 or sha512\r\n\r\n## Sign a CSR\r\n\r\n    python -m camanager --sign [--cn CN] [--san SAN] [csr_file]\r\n\r\n- `--cn` : the overridden Command Name\r\n- `--san` : the overridden  Subject Alternative Name\r\n- `csr_file` : the Certificate Signin Request file\r\n\r\n## Export\r\n\r\n    python -m camanager --export --pem|--p12 [--out output_file] [certificate CN or ID]\r\n\r\n- `--pem` or `--p12` : the output format\r\n- `--out` : the output file\r\n- `certificate CN or ID` : the Common Name or certificate ID that you want to export\r\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "Certificate Authority Manager",
    "version": "0.2.5",
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "99f3a453d2d3f674b8eeb3ed341361d737739abdff7053c305f073d08d561721",
                "md5": "fadac810fddcd6f63826c814634eb7cd",
                "sha256": "8b1c18a4770b715b39b266fbb532af948b2d25d0ec9586514bcbc3a4c6b0cbe2"
            },
            "downloads": -1,
            "filename": "camanager-0.2.5-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "fadac810fddcd6f63826c814634eb7cd",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.6",
            "size": 21181,
            "upload_time": "2023-01-30T19:13:33",
            "upload_time_iso_8601": "2023-01-30T19:13:33.467463Z",
            "url": "https://files.pythonhosted.org/packages/99/f3/a453d2d3f674b8eeb3ed341361d737739abdff7053c305f073d08d561721/camanager-0.2.5-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1344787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a",
                "md5": "c2fce4b816a552ca320edec8106a538a",
                "sha256": "dd260cb848780234ebcf2679971a4e44dfe953d24c32963aae3fbf116bb25af9"
            },
            "downloads": -1,
            "filename": "camanager-0.2.5.tar.gz",
            "has_sig": false,
            "md5_digest": "c2fce4b816a552ca320edec8106a538a",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.6",
            "size": 20226,
            "upload_time": "2023-01-30T19:13:35",
            "upload_time_iso_8601": "2023-01-30T19:13:35.691538Z",
            "url": "https://files.pythonhosted.org/packages/13/44/787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a/camanager-0.2.5.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-01-30 19:13:35",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "mneitsabes",
    "github_project": "camanager",
    "lcname": "camanager"
}
        
Elapsed time: 0.70685s