clevis-rs
This crate is an implementation of the clevis client to the Tang protocol used for generating encryption keys.
This project is NOT officially associated with Latchset, publisher of Clevis and Tang.
This crate is a work in progress.
Tang
The basic operations path is taken from the Tang specification. In short, the encrypting client must:
- Request a public key with
GET /adv. This returns a JWK set as a JWS - Verify the integrity of the received JWS using the included
verifykey
The config can specify:
- Tang URL
- Thumbprint
The URL specifies which server to query, while the thumbprint specifies a preferred key.
Licensing
Since this project takes heavy influence from the original clevis, it retains the GPLv3 license.