plexi 0.1.0

A flexible auditor companion client
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

# Plexi

![Plexi banner](../docs/assets/plexi_banner.png)

Plexi is a flexible auditor for [Key Transparency systems](https://blog.cloudflare.com/key-transparency).

## Tables of Content

* [Features](#features)
* [Installation](#installation)
* [Usage](#usage)
  * [Configure your auditor remote](#configure-your-auditor-remote)
  * [List monitored Logs](#list-monitored-logs)
  * [Audit a signature](#audit-a-signature)
* [Conduct](#conduct)
* [License](#license)

## Features

* Verify authenticity of a signature, to confirm it has been signed by a given public key
* Verify the validity of [facebook/akd](https://github.com/facebook/akd) proofs
* List Logs an Auditor monitors

## Installation

| Environment                                                   | CLI Command           |
|:--------------------------------------------------------------|:----------------------|
| [Cargo](https://www.rust-lang.org/tools/install) (Rust 1.76+) | `cargo install plexi` |

## Usage

Use the `--help` option for more details about the commands and their options.

```bash
plexi [OPTIONS] <COMMAND>
```

### Configure your auditor remote

`plexi` does not come with a default remote auditor, and you will need to choose your own. 

You can do so either by passing `--remote-url=<REMOTE>` or setting the `PLEXI_REMOTE_URL` environment variable.

A common remote is provided below:

| Name       | Remote                                          |
|:-----------|:------------------------------------------------|
| Cloudflare | `https://plexi.key-transparency.cloudflare.com` |

If you have deployed your own auditor, you can add a remote by filing a [GitHub issue](https://github.com/cloudflare/plexi/issues).

### List monitored Logs

An auditor monitors multiple Logs at once. To discover which Logs an auditor is monitoring, run the following:

```shell
plexi ls --remote-url 'https://plexi.key-transparency.cloudflare.com'
whatsapp.key-transparency.v1
```

### Audit a signature

The Key Transparency Auditor vouches for Log validity by ensuring epoch uniqueness. and verifying the associated proof

`plexi audit` provides information about a given epoch and its validity. It can perform a local audit to confirm the auditor behaviour.

For instance, to verify WhatsApp Log auditted by Cloudflare Auditor, run the following:
```shell
> plexi audit --remote-url 'https://plexi.key-transparency.cloudflare.com' --namespace 'whatsapp.key-transparency.v1' --long
Namespace: whatsapp.key-transparency.v1
Ciphersuite: ed25519(protobuf)
Timestamp: 2024-09-19T09:59:44Z
Epoch height: 476847
Epoch digest: 9d217c91dc629d16a3b1379e8fd7c949c27b1b6038259e3918bd0da3cd6c34d1
Signature: e4c83e3091ba8764752120bd7a726a28759d25a01f39d07131d6ba66a913d58d8f0f48f63bc7e037cc5ddd81dc76acc847dbf8d02b2f55251e6f2b1f00191902
Verification: success
```

## Conduct

Plexi and Cloudflare OpenSource generally follows the [Contributor Covenant Code of Conduct](https://github.com/cloudflare/.github/blob/26b37ca2ba7ab3d91050ead9f2c0e30674d3b91e/CODE_OF_CONDUCT.md). Violating the CoC could result in a warning or a ban to Plexi or any and all repositories in the Cloudflare organization.

## License
This project is Licensed under [Apache License, Version 2.0](../LICENSE).