...
1CT Witness
2==============
3
4The witness is an HTTP service that stores STHs it has seen from
5a configurable list of Certificate Transparency logs in a sqlite database. This
6is a lightweight way to help detect or even prevent split-view attacks. An
7overview of witnessing can be found in
8[trillian-examples](https://github.com/google/trillian-examples/tree/master/witness),
9along with "generic" witness implementations. This witness is designed to be
10compatible with the specific formats used by CT.
11
12Once up and running, the witness provides three API endpoints (as defined in
13[api/http.go](api/http.go)):
14- `/ctwitness/v0/logs` returns a list of all logs for which the witness is
15 currently storing an STH.
16- `/ctwitness/v0/logs/<logid>/update` acts to update the STH stored for `logid`.
17- `/ctwitness/v0/logs/<logid>/sth` returns the latest STH for `logid`.
18
19Running the witness
20--------------------
21
22Running the witness is as simple as running `go run ./cmd/witness/main.go` from
23this directory, with the following flags:
24- `listen`, which specifies the address and port to listen on.
25- `db_file`, which specifies the desired location of the sqlite database. The
26 use of sqlite limits the scalability and reliability of the witness (because
27 this is a local file), so if that is required a different database backend
28 would be needed.
29- `config_file`, which specifies configuration information for the logs. This
30 repository contains a [sample configuration file](cmd/witness/example.conf),
31 and in general it is necessary to specify the following fields for each log:
32 - `logID`, which is the alphanumeric identifier for the log.
33 - `pubKey`, which is the base64-encoded public key of the log.
34 Both of these fields should be populated using an "official"
35 [CT log list](https://www.gstatic.com/ct/log_list/v3/log_list.json).
36- `private_key`, which specifies the private signing key of the witness. In its
37 current state the witness does not sign STHs so this can exist in any form.
View as plain text