cdk-mint-rpc 0.7.0

CDK mintd mint managment RPC client and server
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93


# Cashu Mint Management RPC

This crate is a grpc client and server to control and manage a cdk mint. This crate exposes a server complnate that can be imported as library compontant, see its usage in `cdk-mintd`. The client can be used as a cli by running `cargo r --bin cdk-mint-cli`.

The server can be run with or without certificate authentication. For running with authentication follow the below steps to create certificates.


# gRPC TLS Certificate Generation Guide

This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server.

## Overview

The script generates the following certificates and keys:
- Certificate Authority (CA) certificate and key
- Server certificate and key
- Client certificate and key

All certificates are generated in PEM format, which is commonly used in Unix/Linux systems.

## Prerequisites

- OpenSSL installed on your system
- Bash shell environment

## Generated Files

The script will create the following files:
- `ca.key` - Certificate Authority private key
- `ca.pem` - Certificate Authority certificate
- `server.key` - Server private key
- `server.pem` - Server certificate
- `client.key` - Client private key
- `client.pem` - Client certificate

## Usage

1. Save the script as `generate_certs.sh`
2. Make it executable:
   ```bash
   chmod +x generate_certs.sh
   ```
3. Run the script:
   ```bash
   ./generate_certs.sh
   ```

## Certificate Details

### Certificate Authority (CA)
- 4096-bit RSA key
- Valid for 365 days
- Used to sign both server and client certificates

### Server Certificate
- 4096-bit RSA key
- Valid for 365 days
- Includes Subject Alternative Names (SAN):
  - DNS: localhost
  - DNS: my-server
  - IP: 127.0.0.1

### Client Certificate
- 4096-bit RSA key
- Valid for 365 days
- Used for client authentication


## Verification

The script includes verification steps to ensure the certificates are properly generated:
```bash
# Verify server certificate
openssl verify -CAfile ca.pem server.pem

# Verify client certificate
openssl verify -CAfile ca.pem client.pem
```

## Security Notes

1. Keep private keys (*.key files) secure and never share them
2. The CA certificate (ca.pem) needs to be distributed to both client and server
3. Server needs:
   - server.key
   - server.pem
   - ca.pem
4. Client needs:
   - client.key
   - client.pem
   - ca.pem