Rafiki is a CLI tool for securely storing SSL and RSA files in a local SQLite3 database. Imported files are first encrypted using OpenPGP and then stored in the database along with an identifying key (e.g. Common Name for CSRs, MD5 fingerprint for RSA keys, etc.).
The database is created the first time Rafiki is run. It can be relocated and then referenced by Rafiki using the --db flag.
Note: The term 'key' is used throughout to refer to any/all types of files for simplicity's sake.
Ensure that your Go bin directory is set up correctly (see GO-BIN), then run
go install github.com/adamar/rafiki
./rafiki import --file=/loc/of/file
./rafiki list
./rafiki export
- SQLite v3+
- Go 1.3+
Key Type | Identifier | Supported |
---|---|---|
SSL Certificate | Common Name | Yes |
SSL Certificate Signing Request | Common Name | Yes |
SSL RSA Private Key | MD5 Fingerprint | Yes |
SSL ECDSA Private Key | MD5 Fingerprint | Yes |
SSH RSA Private Key | MD5 Fingerprint | Yes |
SSH DSA Private Key | - | No |
SSH ECDSA Private Key | - | No |
GPG ASCII Armored Private Key | Public Fingerprint | Yes |
Print Public Key Fingerprint
ssh-keygen -lf /path/to/key.pub
Print CSR Info
openssl req -in domain.com.csr -text -noout
Show CSR Public Key
openssl req -in domain.com.csr -noout -pubkey
Show an RSA Key's SHA1 thumbprint
openssl rsa -noout -modulus -in your-private.key | openssl sha1
Show an RSA Key's MD5 thumbprint
openssl rsa -noout -modulus -in your-private.key | openssl md5
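The modulus digest printed by the last command can also be computed from a CSR, which is how a private key and its CSR are paired up. The Go program below is an added example, not Rafiki's own code, and makes no claim about how Rafiki derives its identifiers: it reproduces the `openssl rsa -noout -modulus | openssl md5` digest and reads the CSR's Common Name. The function names and the generated sample key and CSR are assumptions made for the illustration.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// ModulusMD5 hashes the text line "Modulus=<UPPERCASE HEX>\n" that openssl prints, not raw key bytes.
func ModulusMD5(pub *rsa.PublicKey) string {
	return fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("Modulus=%X\n", pub.N))))
}

// InspectCSR returns the Common Name and RSA modulus digest of a PEM or DER CSR.
func InspectCSR(data []byte) (cn, digest string, err error) {
	if block, _ := pem.Decode(data); block != nil {
		data = block.Bytes // unwrap PEM; otherwise the input is treated as raw DER
	}
	csr, err := x509.ParseCertificateRequest(data)
	if err != nil {
		return "", "", err
	}
	if pub, ok := csr.PublicKey.(*rsa.PublicKey); ok {
		return csr.Subject.CommonName, ModulusMD5(pub), nil
	}
	return "", "", fmt.Errorf("CSR does not carry an RSA key")
}

// MustSampleCSR builds a constructed key and CSR so the example runs offline.
func MustSampleCSR(cn string) (*rsa.PrivateKey, []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	if err != nil {
		panic(err)
	}
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}

func main() {
	key, csrPEM := MustSampleCSR("domain.com")
	cn, digest, err := InspectCSR(csrPEM)
	fmt.Println(cn, digest, digest == ModulusMD5(&key.PublicKey), err)
}
```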
- Write more tests
- Add more error checking
- Better text layout
- Print out file details on import & export
- Add sub command to "List" option to filter on key type
- Add API Key file type definition
- Flatten file structure