DeCA is a decentralized Public Key Infrastructure (PKI) framework fully compatible with the X.509 standard. It performs all essential PKI functions, including registering, confirming, revoking, and verifying TLS certificates, while leveraging decentralized technologies to enhance security and resilience.
- Full Compatibility: DeCA integrates seamlessly with the existing X.509 PKI standard, ensuring smooth interoperability by storing, issuing, and verifying certificates in X.509 format.
- Decentralized Storage: Utilizes IPFS and FVM for tamper-proof, decentralized storage of certificates, protecting against third-party attacks and rogue certificates.
- High Security: Eliminates single points of failure by decentralizing the CA pool, enhancing the overall security of the PKI system.
Traditional PKI systems rely heavily on centralized Certificate Authorities (CAs), which pose significant security risks as single points of failure. Historical breaches and the spread of rogue certificates highlight the vulnerabilities of centralized CAs.
DeCA addresses these issues by decentralizing the CA pool while maintaining compatibility with the established X.509 PKI standard, ensuring robust and secure real-world integration.
The DeCA framework utilizes IPFS and FVM technologies to provide a decentralized PKI system. Key components include:
- Data Synchronization: Ensures efficient and low-latency synchronization of basic data among decentralized CA groups.
- Decentralized Storage: Certificates are stored in a tamper-proof, decentralized manner, leveraging IPFS and FVM to prevent third-party attacks.
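The storage and CA-pool properties listed above can be pictured from the relying party's side with the Go standard library alone; this is an added example, not DeCA's own code, and it does not use the DeCA SDK. It assumes a SHA-256 hex digest as a stand-in for an IPFS content identifier, and the names `issue`, `address`, `verifyFetched` and the `*.example.test` hosts are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// issue returns a short-lived certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // root: signs itself and may sign other certificates
		tpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	if err != nil {
		panic(err) // constructed demo input only
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// address is a SHA-256 hex digest, an assumed stand-in for an IPFS content identifier.
func address(der []byte) string { return fmt.Sprintf("%x", sha256.Sum256(der)) }

// verifyFetched rejects bytes that do not hash to id, then validates the chain against the CA pool.
func verifyFetched(id string, der []byte, host string, pool *x509.CertPool) error {
	if address(der) != id {
		return fmt.Errorf("bytes do not match content address %s", id)
	}
	cert, err := x509.ParseCertificate(der)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	}
	return err
}

func main() {
	ca, caKey := issue("ca-1.example.test", nil, nil)
	leaf, _ := issue("svc.example.test", ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	fmt.Println(verifyFetched(address(leaf.Raw), leaf.Raw, "svc.example.test", pool)) // <nil>
}
```

A certificate signed by a CA outside the pool carries a valid content address of its own and is rejected only by the path validation step, so both checks are needed.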
To install DeCA, use the following commands:
```console
$ go get github.com/FlowShield/deca
$ make
$ bin/ca tls -c configs/config.toml
```
To install the DeCA SDK, use:
```console
$ go get github.com/FlowShield/deca
```
The classic use case of the DeCA SDK involves clients and servers utilizing certificates issued by the CA Center for encrypted communication. For detailed usage, refer to our SDK Examples.
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
We welcome contributions from the community! Please refer to our CONTRIBUTING guidelines for more information.