Cryptosaur is an engine in the Arcology module responsible for cryptographic security. This engine only runs on Arcology Prime.

Messages

Certificates

Cryptosaur.setCertificate
Cryptosaur.setCertificate {type} {PEM-data}

This message sets a certificate for the given type and name. The only supported type is pemCertAndKey. The PEM-encoded data must include, at minimum, the certificate and the private key. It may additionally contain the certificate chain.

Tables

Cryptosaur creates the following tables at startup.

Arc.certificates

The Arc.certificates table stores SSL certificates for use by Esper (the socket engine) to communicate via HTTPS. Eventually it might store other kinds of certificates.

The table is indexed by type and by name. The only supported type is sslCertificate. The name is the domain name for this certificate.

The table stores structs of the following form:

{
   type: 'sslCertificate
   name: "multiverse.kronosaur.com"          // The domain (CN of subject)
   certificates: {array of CERT structs}     // The domain's certificate chain
   privateKey: KEY struct                    // The private key
   }

A CERT has the following format:

{
   type: 'X509
   name: "multiverse.kronosaur.com"
   subject: {DN of subject}
   issuer: {DN of issuer}
   data: {PEM encoded string}
   }

A KEY has the following format:

{
   type: 'keyEnvelope
   data: {PEM encoded string}
   }
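A pre-flight check for the PEM data passed to Cryptosaur.setCertificate, written in Python as an added example; it is not Cryptosaur's own code. It splits the bundle into PEM blocks, requires at least one certificate and a private key, and returns a dict shaped like the Arc.certificates record above. The function names, the caller-supplied name and the exactly-one-key rule are assumptions.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def make_pem(label, payload):
    """Build a constructed PEM block for testing (payload is not real DER)."""
    b64 = base64.encodebytes(payload).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

def split_pem(bundle):
    """Return [(label, pem_text)] for each block, rejecting bad base64."""
    blocks = []
    for m in PEM_BLOCK.finditer(bundle):
        body = "".join(m.group(2).split())
        if not base64.b64decode(body, validate=True):  # raises on bad base64
            raise ValueError("empty %s block" % m.group(1))
        blocks.append((m.group(1), m.group(0)))
    return blocks

def check_bundle(bundle, name):
    """Check a pemCertAndKey bundle; return an Arc.certificates-shaped dict.

    Assumptions: `name` comes from the caller (the subject CN is not parsed,
    so the CERT name/subject/issuer fields are omitted), and exactly one
    private key is expected.
    """
    blocks = split_pem(bundle)
    certs = [pem for label, pem in blocks if label == "CERTIFICATE"]
    keys = [pem for label, pem in blocks if label.endswith("PRIVATE KEY")]
    if not certs:
        raise ValueError("no CERTIFICATE block in bundle")
    if len(keys) != 1:
        raise ValueError("expected one private key, found %d" % len(keys))
    return {
        "type": "sslCertificate",
        "name": name,
        "certificates": [{"type": "X509", "data": pem} for pem in certs],
        "privateKey": {"type": "keyEnvelope", "data": keys[0]},
    }

if __name__ == "__main__":
    # Constructed sample: leaf + intermediate + key, placeholder payloads.
    sample = (make_pem("CERTIFICATE", b"constructed leaf")
              + make_pem("CERTIFICATE", b"constructed intermediate")
              + make_pem("PRIVATE KEY", b"constructed key"))
    print(check_bundle(sample, "example.test"))
```

The check only validates the PEM framing and base64; it does not confirm that the key matches the certificate or that the chain is in order.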