Very simple REST microservice exposing basic OpenSSL Public/Private key encryption methods. Generates and stores its own pub/private keys in a sqlite DB.
PubkeyREST is a Sinatra Ruby application. You will need ruby and bundler installed.
Run the following to get started:
bundle
# Set your variables
export HTTP_BASIC_USER=user
export HTTP_BASIC_PASS=pass
export PRIVATE_KEY_PASSPHRASE=SomeSillyPassphraseToProtectThePrivateKeys
bundle exec ruby main.rb -s Puma
If all goes well, you should be able to navigate a browser to http://localhost:4567.
PRIVATE_KEY_ACCESSIBLE=false
SQLITE_FILE_LOCATION=
# if unset, the private keys will be stored with no encryption in the SQLiteDB
## WARNING - after creating keys, do NOT change this or lose this
## passphrase or all your keys will be INACCESSIBLE!
PRIVATE_KEY_PASSPHRASE=
# Basic HTTP Auth if so desired; if not set, no authentication required
HTTP_BASIC_USER=
HTTP_BASIC_PASS=
You can also utilize docker to run this microservice:
docker build -t pubkeyrest:1.0 .
docker run -d --name pubkeyrest -p 4567:4567 pubkeyrest:1.0
docker-compose.yml:
version: '3.3'
services:
pubkeyrest:
container_name: pubkeyrest
build: https://github.com/jonmchan/PubkeyREST.git
environment:
HTTP_BASIC_USER: someuser
HTTP_BASIC_PASS: somepass
PRIVATE_KEY_PASSPHRASE: SomethingReallySecureAndSomewhatLong
volumes:
- pubkeydata:/data
ports:
- "4567:4567"
volumes:
pubkeydata: {}
Creates a new keypair
curl --user "user:pass" -d '{"name":"test"}' -H "Content-Type: application/json" http://localhost:4567/
Retrieves the id and name of the keypair.
curl --user "user:pass" http://localhost:4567/1
Retrieves the public key of the keypair.
curl --user "user:pass" http://localhost:4567/1/public_key
Returns the SHA256 checksum of the private key for validating key integrity.
curl --user "user:pass" http://localhost:4567/1/checksum
Retrieves the private key of the keypair
curl --user "user:pass" http://localhost:4567/1/private_key
Signs the passed in payload.
Payload as String:
curl -v --user "user:pass" -d '{"payload":"Hello"}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/sign
Payload as Array:
curl -v --user "user:pass" -d '{"payload":["Hello", "this","test","works"]}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/sign
Verifies a signature and a given document. Must pass in payload as a hash with a signature and document element.
Single Payload:
curl -v --user "user:pass" -d '{"payload": {"signature":"..signature_hash..","document":"Hello"}}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/verify
Multiple Payloads:
curl -v --user "user:pass" -d '{"payload": [{"signature":"..signature_hash..","document":"Hello"},{"signature":"..signature_hash..","document":"this"},{"signature":"..signature_hash..","document":"test"}]}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/verify
Encrypts the passed in payload.
Payload as String:
curl -v --user "user:pass" -d '{"payload":"Hello"}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/encrypt
Payload as Array:
curl -v --user "user:pass" -d '{"payload":["Hello", "this","test","works"]}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/encrypt
Decrypts the passed in payload.
Payload as String:
curl -v --user "user:pass" -d '{"payload":"encryptedstring"}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/decrypt
Payload as Array:
curl -v --user "user:pass" -d '{"payload":["encryptedstring1", "encryptedstring2","encryptedstring3","encryptedstring4"]}' -H "Content-Type: application/json" -X POST http://localhost:4567/1/decrypt
Payload can be either a string to validate a single payload or an array of strings. For array, each string element will be acted upon independently and the return value will be in a corresponding array.