Home Explore Help
Sign In
cesar
/
cdk
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
cdk
/
crates
/
cdk-mint-rpc
thesimplekid 7b7def17ee chore: release v0.7.1 1 month ago
..
src 47ee54d7f5 feat: mint management rpc server and client cli 1 month ago
Cargo.toml 7b7def17ee chore: release v0.7.1 1 month ago
README.md 47ee54d7f5 feat: mint management rpc server and client cli 1 month ago
build.rs 47ee54d7f5 feat: mint management rpc server and client cli 1 month ago
generate_certs.sh 47ee54d7f5 feat: mint management rpc server and client cli 1 month ago

README.md

Cashu Mint Management RPC

This crate is a grpc client and server to control and manage a cdk mint. This crate exposes a server complnate that can be imported as library compontant, see its usage in cdk-mintd. The client can be used as a cli by running cargo r --bin cdk-mint-cli.

The server can be run with or without certificate authentication. For running with authentication follow the below steps to create certificates.

gRPC TLS Certificate Generation Guide

This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server.

Overview

The script generates the following certificates and keys:

  • Certificate Authority (CA) certificate and key
  • Server certificate and key
  • Client certificate and key

All certificates are generated in PEM format, which is commonly used in Unix/Linux systems.

Prerequisites

  • OpenSSL installed on your system
  • Bash shell environment

Generated Files

The script will create the following files:

  • ca.key - Certificate Authority private key
  • ca.pem - Certificate Authority certificate
  • server.key - Server private key
  • server.pem - Server certificate
  • client.key - Client private key
  • client.pem - Client certificate

Usage

  1. Save the script as generate_certs.sh

  2. Make it executable:

    chmod +x generate_certs.sh

  3. Run the script:

    ./generate_certs.sh

Certificate Details

Certificate Authority (CA)

  • 4096-bit RSA key
  • Valid for 365 days
  • Used to sign both server and client certificates

Server Certificate

  • 4096-bit RSA key
  • Valid for 365 days
  • Includes Subject Alternative Names (SAN):
    • DNS: localhost
    • DNS: my-server
    • IP: 127.0.0.1

Client Certificate

  • 4096-bit RSA key
  • Valid for 365 days
  • Used for client authentication

Verification

The script includes verification steps to ensure the certificates are properly generated:

# Verify server certificate
openssl verify -CAfile ca.pem server.pem

# Verify client certificate
openssl verify -CAfile ca.pem client.pem

Security Notes

  1. Keep private keys (*.key files) secure and never share them
  2. The CA certificate (ca.pem) needs to be distributed to both client and server
  3. Server needs:
    • server.key
    • server.pem
    • ca.pem
  4. Client needs:
    • client.key
    • client.pem
    • ca.pem