Documentation

Index
Constants
This section is empty.
Variables
This section is empty.
Functions

func Setup

func Setup(port, keyAuth string, ca ca.CertificateAuthority, tpm tpm2.TrustedPlatformModule) ([]byte, error)

Setup initializes the enroll-01 challenge: it creates the key authorization, places it as the TCG-CSR-IDEVID qualifying data during key certification, and starts a new HTTP server with the required challenge handlers.
func Verify

func Verify(resolver *net.Resolver, ca ca.CertificateAuthority, domain, port, token, keyAuth string) error

Verify verifies the enroll-01 challenge by performing an HTTP request to the /.well-known/acme-challenge/<token> endpoint to receive the TCG-CSR-IDEVID. The TCG-CSR-IDEVID is then verified by the Certificate Authority, and a new secret credential is created using TPM2_MakeCredential. The credential is sent to the client at /.well-known/acme-activation/<token> for activation using TPM2_ActivateCredential. When the client returns a 200 OK status code together with the decrypted secret credential, the challenge is complete and the enroll-01 HTTP challenge service is shut down. Upon successful completion of this challenge, the client has proven that it is in possession of the private keys used in the request and that those keys reside in an authentic TPM.
Types
This section is empty.