Plumb Key Management

Plumb (its HLE part) uses gRPC certificates for user and host authentication. The Plumb administrator creates all certificates: first the CA certificate and key, then the proxy cert/key, then a cert/key for each client. The latter are given to each client, who must store them safely.

There is a convenience script included with the Plumb distribution that simplifies certificate management. It’s located in lander_hard_link_emulation/scripts/cert_ctl.sh

For the rest of this guide, we’ll assume that the current working directory is lander_hard_link_emulation/

Creating CA key and certificate

scripts/cert_ctl.sh CERTKEYDIR setup

Replace CERTKEYDIR with the name of an existing directory where you’ll store your keys. You will be repeatedly prompted for a passphrase to encrypt the key.

Create proxy key and certificate

scripts/cert_ctl.sh CERTKEYDIR create server HOSTNAME_FQDN

Where CERTKEYDIR is the directory you specified above and HOSTNAME_FQDN is the fully qualified domain name of the server running hled (hard-link emulation daemon).

Create user key and certificate

This step needs to be performed for each new user of HLE/Plumb.

scripts/cert_ctl.sh CERTKEYDIR create USERNAME USERNAME

User USERNAME needs to copy USERNAME{.crt,.csr,.key,.key.pem,_chain}, roots.pem, server.crt to their CERTKEYDIR and rename USERNAME to client, e.g. client.crt, client.csr, etc.
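
The copy-and-rename step above, written as a shell function that also restricts permissions on the installed files. This is an added example and not part of the Plumb distribution: the function name install_client_certs is hypothetical, and the 700/600 modes are one assumed reading of "store them safely".

```shell
#!/bin/sh
# Added example, not part of the Plumb distribution.
# install_client_certs SRC_DIR DEST_DIR USERNAME   (hypothetical helper)
# Copies the files issued for USERNAME into DEST_DIR under the "client" prefix.
install_client_certs() (
    src=$1; dest=$2; user=$3
    if [ ! -d "$src" ] || [ -z "$dest" ] || [ -z "$user" ]; then
        echo "usage: install_client_certs SRC_DIR DEST_DIR USERNAME" >&2
        exit 2
    fi
    umask 077                                 # nothing created here is group/world readable
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1

    # USERNAME.crt/.csr/.key/.key.pem and USERNAME_chain*; the patterns are
    # deliberately narrow so "alice" never picks up files issued to "alice2".
    for f in "$src/$user".* "$src/${user}_chain"*; do
        [ -f "$f" ] || continue               # unmatched glob stays literal: skip it
        base=${f##*/}
        target="$dest/client${base#"$user"}"  # alice.key -> client.key
        cp "$f" "$target" && chmod 600 "$target" || exit 1
    done

    # roots.pem and the proxy's server.crt keep their names.
    for f in roots.pem server.crt; do
        cp "$src/$f" "$dest/$f" && chmod 600 "$dest/$f" || exit 1
    done

    # Fail loudly if the client certificate or private key did not arrive.
    for f in client.crt client.key; do
        [ -f "$dest/$f" ] || { echo "missing $f in $dest" >&2; exit 1; }
    done
)

# Run directly as: sh install_client_certs.sh SRC_DIR DEST_DIR USERNAME
if [ "$#" -eq 3 ]; then install_client_certs "$@"; fi
```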