diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index f32af6cc..4861d784 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -11,15 +11,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true # Fetch Hugo themes fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - name: Setup Hugo - uses: peaceiris/actions-hugo@v2 + uses: peaceiris/actions-hugo@v3 with: - hugo-version: '0.110.0' + hugo-version: '0.125.0' + extended: true - name: Build run: hugo --gc --minify -s docs/ --templateMetrics --templateMetricsHints --verbose --verboseLog --buildDrafts --buildExpired --buildFuture --forceSyncStatic diff --git a/.gitmodules b/.gitmodules index 703852f5..aa554f0e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "docs/themes/hugo-theme-relearn"] path = docs/themes/hugo-theme-relearn - url = https://github.com/rotationalio/hugo-theme-relearn.git + url = https://github.com/McShelby/hugo-theme-relearn diff --git a/docs/content/_index.de.md b/docs/content/_index.de.md index d5b531d4..93caf8de 100644 --- a/docs/content/_index.de.md +++ b/docs/content/_index.de.md 
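Review bot: The two third-party actions on the `uses:` lines are still referenced by mutable major tags (`actions/checkout@v4`, `peaceiris/actions-hugo@v3`), so the workflow runs whatever those tags point to at build time; pinning each to a full commit SHA with the version in a trailing comment (e.g. `uses: peaceiris/actions-hugo@<commit-sha> # v3`, placeholder) makes the docs build reproducible and closes the tag-retargeting path. The same concern applies to the `.gitmodules` hunk in this commit, which now pulls the theme from a different upstream: the gitlink commit recorded for `docs/themes/hugo-theme-relearn` must exist in the new repository or the `submodules: true` checkout will fail, so confirm the submodule pointer was updated alongside the URL. Hugo deprecated `--verbose` and `--verboseLog` in favour of `--logLevel` around the 0.114 line, so it is worth checking that the unchanged `run:` line still builds under `hugo-version: '0.125.0'`.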
@@ -1,14 +1,13 @@ --- -Title: Startseite +title: TRISA-Entwicklerdokumentation date: 2020-12-24T07:58:37-05:00 lastmod: 2021-10-08T15:17:08-05:00 description: "TRISA-Entwicklerdokumentation" weight: 0 --- -# TRISA - [![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg) + [![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa) Das Ziel der Travel Rule Information Sharing Architecture (TRISA) ist es, die Einhaltung der FATF- und FinCEN-Reiseregeln für Kryptowährungs-Transaktionsidentitätsinformationen zu ermöglichen, ohne die Kernprotokolle der Blockchain zu verändern und ohne erhöhte Transaktionskosten zu verursachen oder die Peer-to-Peer-Transaktionsflüsse virtueller Währungen zu verändern. Das TRISA-Protokoll und die Spezifikation werden von der [TRISA Working Group](https://trisa.io) definiert; um mehr über die Spezifikation zu erfahren, [lesen Sie bitte die aktuelle Version des TRISA-Whitepapers](https://trisa.io/trisa-whitepaper/). diff --git a/docs/content/_index.en.md b/docs/content/_index.en.md index 09b71715..cb0ceced 100644 --- a/docs/content/_index.en.md +++ b/docs/content/_index.en.md @@ -1,14 +1,13 @@ --- -title: Home +title: TRISA Developer Documentation date: 2020-12-24T07:58:37-05:00 lastmod: 2022-08-10T13:22:20-04:00 description: "TRISA Developer Documentation" weight: 0 --- -# TRISA - [![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg) + [![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa) {{< rawhtml >}} 
@@ -17,6 +16,10 @@ weight: 0 {{< /rawhtml >}} +{{% notice style="primary" title="TRISA Envoy: An Open Source Node" icon="meteor" %}} +TRISA has released an open source node called "Envoy" that may help your organization quickly get up and running with both the TRISA and TRP protocols. If you're interested, [schedule a demo today](https://rtnl.link/p2WzzmXDuSu)! +{{% /notice %}} + The goal of the Travel Rule Information Sharing Architecture (TRISA) is to enable compliance with the FATF and FinCEN Travel Rules for cryptocurrency transaction identity information without modifying core blockchain protocols, and without diff --git a/docs/content/_index.fr.md b/docs/content/_index.fr.md index f8c3db0f..7004e8b2 100644 --- a/docs/content/_index.fr.md +++ b/docs/content/_index.fr.md @@ -1,14 +1,13 @@ --- -title: Accueil +title: Documentation du Développeur TRISA date: 2020-12-24T07:58:37-05:00 lastmod: 2021-10-13T14:33:07-05:00 description: "Documentation pour les développeurs TRISA" weight: 0 --- -# TRISA - [![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg) + [![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa) L'objectif de l'architecture de partage d'informations sur les règles de voyage (TRISA) est de permettre la mise en conformité avec les règles de voyage du GAFI et du FinCEN pour les informations d'identité des transactions en crypto-monnaies sans modifier les protocoles de base de la blockchain, et sans encourir de coûts de transaction accrus ni modifier les flux de transaction P2P en monnaie virtuelle. Le protocole et la spécification TRISA sont définis par le [groupe de travail TRISA](https://trisa.io) ; pour en savoir plus sur la spécification, [veuillez lire la version actuelle du livre blanc TRISA](https://trisa.io/trisa-whitepaper/). 
diff --git a/docs/content/_index.ja.md b/docs/content/_index.ja.md index c6479a8f..289311e7 100644 --- a/docs/content/_index.ja.md +++ b/docs/content/_index.ja.md @@ -1,16 +1,16 @@ --- -title: ホームページ +title: TRISA 開発者向けドキュメント date: 2020-12-24T07:58:37-05:00 lastmod: 2021-10-15T14:35:53-05:00 description: "TRISA デベロッパードキュメント" weight: 0 --- -## TRISA - [![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg) + [![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa) + トラベルルール情報共有アーキテクチャ(TRISA)の目標は、コアブロックチェーンプロトコルを変更したり、トランザクションコストを増加させたり、仮想通貨のピアツーピアトランザクションを変更したりすることなく、暗号通貨トランザクションID情報のFATFおよびFinCENトラベルルールへの準拠を可能にすることです流れ。TRISAプロトコルと仕様は、[TRISAワーキンググループ](https://trisa.io) によって定義されています。 仕様の詳細については、[現在のバージョンのTRISAホワイトペーパーをお読みください](https://trisa.io/trisa-whitepaper/)。 このサイトには、[github.com/trisacrypto/trisa](https://github.com/trisacrypto/trisa) にあるTRISAプロトコルとリファレンス実装の開発者向けドキュメントが含まれています。 TRISAプロトコルは[gRPC API](https://grpc.io/) として定義されており、トラベルルールを実装する必要のある仮想資産サービスプロバイダー(VASP)間で、言語に依存しない高性能のピアツーピアサービスを促進しますコンプライアンスソリューション。 APIとメッセージ交換の形式はどちらも、[`protos`ディレクトリ](https://github.com/trisacrypto/trisa/tree/main/proto) にある[protocol buffers](https://developers.google.com/protocol-buffers) を介して定義されます。リポジトリの 。さらに、[Goプログラミング言語](https://golang.org/) のリファレンス実装が [`pkg`ディレクトリ](https://github.com/trisacrypto/trisa/tree/main/proto) で利用できるようになりました。 リポジトリの。将来的には、リポジトリの[`lib`ディレクトリ](https://github.com/trisacrypto/trisa/tree/main/lib) にある特定の言語のライブラリコードとして他の実装が利用できるようになる予定です。 diff --git a/docs/content/_index.zh.md b/docs/content/_index.zh.md index 03773e61..d182403e 100644 --- a/docs/content/_index.zh.md +++ b/docs/content/_index.zh.md 
@@ -1,14 +1,13 @@ --- -title: 主页 +title: TRISA 开发者文档 date: 2020-12-24T07:58:37-05:00 lastmod: 2021-10-13T15:10:04-05:00 description: "TRISA开发人员文档" weight: 0 --- -# TRISA - [![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg) + [![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa) Travel Rule Information Sharing Architecture (TRISA)的目标是在不修改核心区块链协议、不增加交易成本或修改虚拟货币点对点交易流的情况下,使加密货币交易身份信息符合FATF和FinCEN数据转移规则。TRISA协议和规范由[TRISA工作组](https://trisa.io)定义;欲了解更多有关规范的信息,[请阅读TRISA白皮书的当前版本](https://trisa.io/trisa-whitepaper/)。 diff --git a/docs/content/api/_index.en.md b/docs/content/api/_index.en.md index d5ed35c5..551151b8 100644 --- a/docs/content/api/_index.en.md +++ b/docs/content/api/_index.en.md @@ -3,7 +3,7 @@ title: TRISA Protocol and API date: 2022-07-06T15:08:52-04:00 lastmod: 2022-07-06T15:08:52-04:00 description: "Navigating the Open Source TRISA Code" -weight: 10 +weight: 15 --- This section of the documentation describes the TRISA Protocol and API. 
@@ -25,7 +25,7 @@ The `pkg` folder contains the reference implementation code, including compiled [^1]: Note that these compiled files are compiled for Golang; but this is certainly not the only option. Those interested in building implementation code in a different language should look to the `lib` folder, which currently contains placeholder folders but is intended to showcase such other implementations (including compiled protocol buffer code for these other languages). -Another integral part of the TRISA protocol is the [Global Directory Service]({{< ref "/gds" >}}), which serves as a look-up tool for TRISA members to identify peers with which they wish to exchange information. For RPC definitions and implementation code related to the Global Directory Service, visit the companion [directory repository](https://github.com/trisacrypto/directory). +Another integral part of the TRISA protocol is the [Global Directory Service]({{% ref "/gds" %}}), which serves as a look-up tool for TRISA members to identify peers with which they wish to exchange information. For RPC definitions and implementation code related to the Global Directory Service, visit the companion [directory repository](https://github.com/trisacrypto/directory). diff --git a/docs/content/api/api.en.md b/docs/content/api/api.en.md index 112c1834..86a42859 100644 --- a/docs/content/api/api.en.md +++ b/docs/content/api/api.en.md 
@@ -40,9 +40,9 @@ The `Transfer` RPC is a unary RPC for simple, single transactions. The `Transfer ### `SecureEnvelope` -A `SecureEnvelope` is the encrypted transaction envelope that is the outer layer of the TRISA information exchange protocol and facilitates the secure storage of Know Your Client (KYC) data in a transaction. The envelope specifies a unique id to reference the transaction out-of-band (e.g., in the blockchain layer). It provides the necessary information so only the originator and the beneficiary can decrypt the transaction data. For more information about Secure Envelopes, [this section]({{< relref "data/envelopes" >}}) of the documentation further describes this primary data structure for the TRISA exchange. +A `SecureEnvelope` is the encrypted transaction envelope that is the outer layer of the TRISA information exchange protocol and facilitates the secure storage of Know Your Client (KYC) data in a transaction. The envelope specifies a unique id to reference the transaction out-of-band (e.g., in the blockchain layer). It provides the necessary information so only the originator and the beneficiary can decrypt the transaction data. For more information about Secure Envelopes, [this section]({{% relref "data/envelopes" %}}) of the documentation further describes this primary data structure for the TRISA exchange. -A `SecureEnvelope` message contains different types of metadata. [The Anatomy of Secure Envelope]({{< relref "data/envelopes#the-anatomy-of-a-secure-envelope" >}}) section of this documentation further describes the envelope metadata, cryptographic metadata, and an encrypted payload and HMAC signature within the `SecureEnvelope`. +A `SecureEnvelope` message contains different types of metadata. 
[The Anatomy of Secure Envelope]({{% relref "data/envelopes#the-anatomy-of-a-secure-envelope" %}}) section of this documentation further describes the envelope metadata, cryptographic metadata, and an encrypted payload and HMAC signature within the `SecureEnvelope`. ```proto message SecureEnvelope { @@ -140,7 +140,7 @@ message ServiceState { The implementation of the TRISA Protocol Buffers in Go is compiled using [`protoc`](https://grpc.io/docs/protoc-installation/) when `go generate ./...` is executed in the root of the repository. The [compiled files](https://github.com/trisacrypto/trisa/tree/main/pkg/trisa/api/v1beta1) in the TRISA repository contain the TRISA Network Protocol implemented in Go. -The `TRISANetworkServer` is the server API for `TRISANetwork`, while the `TRISANetworkClient` is the client API for the `TRISANetwork` service. Both contain the `Transfer`, `TransferStream`, `ConfirmAddress`, and `KeyExchange` methods described above as [RPCs]({{< relref "api/api#the-trisanetwork-service" >}}) under the `TRISANetwork` service. +The `TRISANetworkServer` is the server API for `TRISANetwork`, while the `TRISANetworkClient` is the client API for the `TRISANetwork` service. Both contain the `Transfer`, `TransferStream`, `ConfirmAddress`, and `KeyExchange` methods described above as [RPCs]({{% relref "api/api#the-trisanetwork-service" %}}) under the `TRISANetwork` service. ```golang type TRISANetworkClient interface { diff --git a/docs/content/api/protocol.en.md b/docs/content/api/protocol.en.md index 2611c699..bc601989 100644 --- a/docs/content/api/protocol.en.md +++ b/docs/content/api/protocol.en.md 
@@ -68,7 +68,7 @@ For example, some VASPs have optimized blockchain transactions to group 50-200 p When a Beneficiary VASP receives Travel Rule transfer information from the Originating VASP through the TRISA protocol it may not always be able to respond immediately with any needed corrections or fill in for the missing/incorrect Beneficiary information provided. Thus the Beneficiary VASP should be able to respond back, at a later time, with the correct beneficiary information or provide errors if appropriate e.g., the beneficiary address is not owned by the Beneficiary VASP. -The Beneficiary VASP will return a [control flow response]({{< relref "data/payloads#a-pending-message" >}}) to the transfer message to notify the Originating VASP that they will handle the compliance transfer in an asynchronous manner. The reply is also composed as a secure message with digitally signed timestamps for auditing purposes. Inside of the transaction payload, the Beneficiary VASP will provide additional information about when the Originating VASP can expect a response. The Originating VASP should delay any further action or communication until either the expected time frame expires or they receive a follow-on response from the Beneficiary VASP. +The Beneficiary VASP will return a [control flow response]({{% relref "data/payloads#a-pending-message" %}}) to the transfer message to notify the Originating VASP that they will handle the compliance transfer in an asynchronous manner. The reply is also composed as a secure message with digitally signed timestamps for auditing purposes. Inside of the transaction payload, the Beneficiary VASP will provide additional information about when the Originating VASP can expect a response. The Originating VASP should delay any further action or communication until either the expected time frame expires or they receive a follow-on response from the Beneficiary VASP. ```proto message Pending { 
diff --git a/docs/content/data/_index.en.md b/docs/content/data/_index.en.md
index 19f61281..8f8a1da6 100644
--- a/docs/content/data/_index.en.md
+++ b/docs/content/data/_index.en.md
@@ -8,10 +8,10 @@ weight: 20 This section of the documentation contains resources for developers who are working with TRISA data, such as: -- **IVMS101**: TRISA uses the IVMS101 standard to describe participants in cryptographic transactions. Learn more in our documentation about working with [IVMS101]({{< ref "/data/ivms" >}}). +- **IVMS101**: TRISA uses the IVMS101 standard to describe participants in cryptographic transactions. Learn more in our documentation about working with [IVMS101]({{% ref "/data/ivms" %}}). -- **SecureEnvelopes**: The primary data structure for a TRISA exchange is the `SecureEnvelope`, a wrapper for compliance payload data that facilitates peer-to-peer trust in compliance information exchanges. Learn more in our documentation about creating and parsing [Secure Envelopes]({{< ref "/data/envelopes" >}}). +- **SecureEnvelopes**: The primary data structure for a TRISA exchange is the `SecureEnvelope`, a wrapper for compliance payload data that facilitates peer-to-peer trust in compliance information exchanges. Learn more in our documentation about creating and parsing [Secure Envelopes]({{% ref "/data/envelopes" %}}). -- **Data Payloads**: A TRISA `Payload` contains information to be securely exchanged for Travel Rule compliance. The payload is serialized and encrypted to be sent in a `SecureEnvelope`. Learn more in our documentation about different types of [Payloads]({{< ref "/data/payloads" >}}) in TRISA. +- **Data Payloads**: A TRISA `Payload` contains information to be securely exchanged for Travel Rule compliance. The payload is serialized and encrypted to be sent in a `SecureEnvelope`. Learn more in our documentation about different types of [Payloads]({{% ref "/data/payloads" %}}) in TRISA. -- **Signing and Sealing Keys**: Your TRISA node will need to handle keys in a variety of formats, such as x.509 certificates on disk or marshaled data when sending keys in TRISA key exchanges. 
The Key Handler package provides helpful utilities for managing public/private key pairs used for sealing and unsealing `SecureEnvelopes`. Learn more in our documentation about the [Key Handler package]({{< ref "/data/keys" >}}). \ No newline at end of file +- **Signing and Sealing Keys**: Your TRISA node will need to handle keys in a variety of formats, such as x.509 certificates on disk or marshaled data when sending keys in TRISA key exchanges. The Key Handler package provides helpful utilities for managing public/private key pairs used for sealing and unsealing `SecureEnvelopes`. Learn more in our documentation about the [Key Handler package]({{% ref "/data/keys" %}}). \ No newline at end of file diff --git a/docs/content/data/envelopes.en.md b/docs/content/data/envelopes.en.md index 310dd645..04a230db 100644 --- a/docs/content/data/envelopes.en.md +++ b/docs/content/data/envelopes.en.md @@ -27,7 +27,7 @@ There are two basic workflows for secure envelopes: creating and sealing an enve **Prerequisites**: 1. You should have constructed an appropriate TRISA `Payload` that contains an `identity` (an IVMS 101 `IdentityPayload`), a `transaction` (a TRISA generic transaction) and a `sent_at` timestamp (RFC-3339 formatted). -2. You should have the _public sealing key_ of the receipient. You can obtain this key either via the `KeyExchange` RPC or by requesting the key from the [directory service]({{< ref "/gds" >}}). +2. You should have the _public sealing key_ of the receipient. You can obtain this key either via the `KeyExchange` RPC or by requesting the key from the [directory service]({{% ref "/gds" %}}). **Steps**: diff --git a/docs/content/data/payloads.en.md b/docs/content/data/payloads.en.md index 61d6f1b3..03bdaac0 100644 --- a/docs/content/data/payloads.en.md +++ b/docs/content/data/payloads.en.md 
@@ -27,7 +27,7 @@ message Payload { The `identity` field in a TRISA `Payload` is a protobuf message intended to contain compliance identity information of the Originator and the Beneficiary. It is defined as an [`any`](https://developers.google.com/protocol-buffers/docs/proto3#any); this means that technically, it can be *any* message type. However, to encourage maximum compatibility between yourself and fellow TRISA members, we strongly recommend the use of [IVMS101](https://intervasp.org). -For help marshaling and unmarshaling [IVMS101 identity payloads]({{< relref "data/ivms" >}}), see the documentation about the [`ivms101` package in `trisa`](https://github.com/trisacrypto/trisa/tree/main/pkg/ivms101). +For help marshaling and unmarshaling [IVMS101 identity payloads]({{% relref "data/ivms" %}}), see the documentation about the [`ivms101` package in `trisa`](https://github.com/trisacrypto/trisa/tree/main/pkg/ivms101). You can use the online [IVMS101 Validator](https://ivmsvalidator.com/) produced by [21 Analytics](https://www.21analytics.ch/) to ensure your message is properly structured IVMS101. diff --git a/docs/content/envoy/_index.en.md b/docs/content/envoy/_index.en.md new file mode 100644 index 00000000..b058ddc6 --- /dev/null +++ b/docs/content/envoy/_index.en.md @@ -0,0 +1,9 @@ +--- +title: TRISA Envoy +date: 2021-04-23T01:35:35-04:00 +lastmod: 2022-08-10T13:22:02-04:00 +description: "Using the TRISA Envoy self-hosted node" +weight: 7 +--- + +Documentation coming soon! \ No newline at end of file diff --git a/docs/content/gds/_index.en.md b/docs/content/gds/_index.en.md index 81e6f497..42aaa334 100644 --- a/docs/content/gds/_index.en.md +++ b/docs/content/gds/_index.en.md 
@@ -22,11 +22,11 @@ GDS is replicated across multiple continents. The servers hosting GDS are in thr GDS also manages the certificate revocation list (CRL) to maintain the network over time. The directory issues sealing keys and manages revocation and reissuance of certificates. -This documentation describes the TRISA implementation of the directory service and TRISA-specific interactions with it. For details about working with the GDS API, visit the [API documentation]({{< ref "/gds/api" >}}). +This documentation describes the TRISA implementation of the directory service and TRISA-specific interactions with it. For details about working with the GDS API, visit the [API documentation]({{% ref "/gds/api" %}}). ## Networks -TRISA currently operates two directory services: a TestNet (trisatest.net) and the MainNet (vaspdirectory.net). The [TestNet]({{< ref "/testing" >}}) is intended to facilitate development and integration and should not be used for actual compliance exchanges. The MainNet is separated from the TestNet with a completely different certificate authority, and certificates issued to TestNet nodes cannot be used to connect to MainNet nodes and vice-versa. +TRISA currently operates two directory services: a TestNet (trisatest.net) and the MainNet (vaspdirectory.net). The [TestNet]({{% ref "/testing" %}}) is intended to facilitate development and integration and should not be used for actual compliance exchanges. The MainNet is separated from the TestNet with a completely different certificate authority, and certificates issued to TestNet nodes cannot be used to connect to MainNet nodes and vice-versa. Connect to the GDS and register for certificates with the following endpoints/urls: diff --git a/docs/content/gds/admin/configuration/_index.en.md b/docs/content/gds/admin/configuration/_index.en.md index 0e1a7391..ebb7b433 100644 --- a/docs/content/gds/admin/configuration/_index.en.md +++ b/docs/content/gds/admin/configuration/_index.en.md 
@@ -14,7 +14,7 @@ TRISA GDS and TestNet services are primarily configured using environment variab ## Configuration Documentation -- [GDS Node Configuration]({{< ref "gds/admin/configuration/gds" >}}) -- [BFF Service Configuration]({{< ref "gds/admin/configuration/bff" >}}) -- [React Apps Configuration]({{< ref "gds/admin/configuration/ui" >}}) -- [TrtlDB Configuration]({{< ref "gds/admin/configuration/trtl" >}}) \ No newline at end of file +- [GDS Node Configuration]({{% ref "gds/admin/configuration/gds" %}}) +- [BFF Service Configuration]({{% ref "gds/admin/configuration/bff" %}}) +- [React Apps Configuration]({{% ref "gds/admin/configuration/ui" %}}) +- [TrtlDB Configuration]({{% ref "gds/admin/configuration/trtl" %}}) \ No newline at end of file diff --git a/docs/content/gds/admin/deployment.en.md b/docs/content/gds/admin/deployment.en.md index d70412ad..d10b44ae 100644 --- a/docs/content/gds/admin/deployment.en.md +++ b/docs/content/gds/admin/deployment.en.md 
@@ -6,7 +6,7 @@ description: "Deploying the GDS System" weight: 10 --- -TRISA currently maintains two side-by-side networks that are deployed in Kubernetes clusters in North America, Germany, and Singapore. The "MainNet" (also referred to as the TRISA network) is the production TRISA service where peers exchange compliance information for real transactions. The "TestNet" is a mirror network that is setup to allow peers to develop their TRISA nodes and to ensure that they are configured correctly before engaging in production transactions. For more on using the TestNet, please see the [Testing documentation]({{< ref "testing" >}}). +TRISA currently maintains two side-by-side networks that are deployed in Kubernetes clusters in North America, Germany, and Singapore. The "MainNet" (also referred to as the TRISA network) is the production TRISA service where peers exchange compliance information for real transactions. The "TestNet" is a mirror network that is setup to allow peers to develop their TRISA nodes and to ensure that they are configured correctly before engaging in production transactions. For more on using the TestNet, please see the [Testing documentation]({{% ref "testing" %}}). The current network architecture is as follows: diff --git a/docs/content/gds/api.en.md b/docs/content/gds/api.en.md index c3f16024..cdae8a3c 100644 --- a/docs/content/gds/api.en.md +++ b/docs/content/gds/api.en.md 
@@ -198,7 +198,7 @@ The `Register` RPC expects a `RegisterRequest` message containing: 3. The Travel Rule implementation `trisa_endpoint` where other TRISA peers should connect. This should be an `addr:port` combination, (e.g. `trisa.vaspbot.net:443`). 4. The VASP's `common_name`, which should be the domain name to issue certificates for and should match the domain in the `trisa_endpoint`. If this field is omitted, the `common_name` is inferred from the `trisa_endpoint`. 5. Business information including `website`, `business_category`, `vasp_categories`, and the company's `established_on` date (in YYYY-MM-DD format). -6. The VASP's `trixo` questionnaire data. For more information, see the [TRIXO documentation]({{< ref "/joining-trisa/trixo" >}}). +6. The VASP's `trixo` questionnaire data. For more information, see the [TRIXO documentation]({{% ref "/joining-trisa/trixo" %}}). ```proto message RegisterRequest { @@ -214,7 +214,7 @@ message RegisterRequest { } ``` -A `RegisterRequest` returns a `RegisterReply` message containing verification metadata as well as a `pkcs12password` that must be used to decrypt the emailed certifications. For more information, see the [PKCS12 password documentation]({{< ref "/joining-trisa/pkcs12" >}}). Do not lose or share this password! +A `RegisterRequest` returns a `RegisterReply` message containing verification metadata as well as a `pkcs12password` that must be used to decrypt the emailed certifications. For more information, see the [PKCS12 password documentation]({{% ref "/joining-trisa/pkcs12" %}}). Do not lose or share this password! ```proto message RegisterReply { diff --git a/docs/content/gds/members.en.md b/docs/content/gds/members.en.md index 5bc703cd..ca9b78cb 100644 --- a/docs/content/gds/members.en.md +++ b/docs/content/gds/members.en.md 
@@ -197,4 +197,4 @@ func (m *MyProfile) Connect() (_ members.TRISAMembersClient, err error){ } ``` -*Note that there are currently two TRISA directories; the TRISA [TestNet]({{< ref "/testing" >}}), which allows users to experiment with the TRISA interactions, and the [VASP Directory](https://vaspdirectory.net/), which is the production network for TRISA transactions. If you have registered for the TestNet and have TestNet certificates, the endpoint you will pass into the dialing function will be `members.trisatest.net:443`. Alternatively, if you wish to access members of the VASP Directory and are already a registered member, you will use the endpoint `members.vaspdirectory.net:443`.* +*Note that there are currently two TRISA directories; the TRISA [TestNet]({{% ref "/testing" %}}), which allows users to experiment with the TRISA interactions, and the [VASP Directory](https://vaspdirectory.net/), which is the production network for TRISA transactions. If you have registered for the TestNet and have TestNet certificates, the endpoint you will pass into the dialing function will be `members.trisatest.net:443`. Alternatively, if you wish to access members of the VASP Directory and are already a registered member, you will use the endpoint `members.vaspdirectory.net:443`.* diff --git a/docs/content/getting-started/_index.de.md b/docs/content/getting-started/_index.de.md index 5baf98d4..d003b057 100644 --- a/docs/content/getting-started/_index.de.md +++ b/docs/content/getting-started/_index.de.md @@ -3,7 +3,7 @@ title: Integrationsübersicht date: 2021-04-23T01:35:35-04:00 lastmod: 2021-10-08T16:27:33-04:00 description: "Beschreibt, wie das TRISA-Protokoll in das TestNet integriert wird" -weight: 20 +weight: 5 --- ## Übersicht über die TRISA-Integration diff --git a/docs/content/getting-started/_index.en.md b/docs/content/getting-started/_index.en.md index 8665bdc7..bbe6d71f 100644 --- a/docs/content/getting-started/_index.en.md 
+++ b/docs/content/getting-started/_index.en.md 
@@ -8,15 +8,16 @@ weight: 5 Welcome! If you're new to TRISA, this guide will provide a path to help get you started. -- If you are a **hands-on developer**, you may wish to skip to the section for [**technical implementers**]({{< relref "getting-started#dev" >}}). -- If you are an **administrator or technical leader** at your organization, you may wish to skip to the [**administrative guide**]({{< relref "getting-started#admin" >}}). +- If you just want to get started as quickly as possible, consider simply using the [**TRISA Envoy self-hosted node**]({{% ref "envoy.md" %}}). +- If you are a **hands-on developer**, you may wish to skip to the section for [**technical implementers**]({{% relref "getting-started#dev" %}}). +- If you are an **administrator or technical leader** at your organization, you may wish to skip to the [**administrative guide**]({{% relref "getting-started#admin" %}}). ## Getting Started with TRISA There are three key steps to getting started integrating TRISA into your organization's Travel Rule solution: -1. *Register with the TRISA Directory Service*: Before you can integrate the TRISA protocol into your VASP software, you must [create an account and register](https://vaspdirectory.net/guide) with the TRISA Global Directory Service (GDS). This process is typically done by an administrator or technical leader at the organization and takes 1-2 business days. For more complete details, visit the documentation on [registration]({{< ref "/joining-trisa/registration" >}}). -2. *Implement the TRISA Protocol using TestNet*: To integrate TRISA, you will need to implement a TRISA node that can act as both a server and a client in TRISA exchanges. This process will require a team of developers and generally takes a few months. The TRISA [TestNet]({{< ref "/testing" >}}) is designed to support you with the development and testing of your TRISA node. 
It will enable you to perform live tests and validate transactions that share sensitive information safely and securely. Check out the [implementation overview]({{< ref "/getting-started#overview" >}}) for more details about how to get started. +1. *Register with the TRISA Directory Service*: Before you can integrate the TRISA protocol into your VASP software, you must [create an account and register](https://vaspdirectory.net/guide) with the TRISA Global Directory Service (GDS). This process is typically done by an administrator or technical leader at the organization and takes 1-2 business days. For more complete details, visit the documentation on [registration]({{% ref "/joining-trisa/registration" %}}). +2. *Implement the TRISA Protocol using TestNet*: To integrate TRISA, you will need to implement a TRISA node that can act as both a server and a client in TRISA exchanges. This process will require a team of developers and generally takes a few months. The TRISA [TestNet]({{% ref "/testing" %}}) is designed to support you with the development and testing of your TRISA node. It will enable you to perform live tests and validate transactions that share sensitive information safely and securely. Check out the [implementation overview]({{% ref "/getting-started#overview" %}}) for more details about how to get started. 3. *Implement your MainNet TRISA Node*: Once you have fully tested your implementation using the TestNet and RobotVASPs, you can quickly switch to the production TRISA Network by installing MainNet certificates to your TRISA node. Note that this may require registering for MainNet certificates if those were not requested in step 3. This page will provide resources for getting started for both VASP administrators as well as technical implementation teams. 
@@ -26,11 +27,11 @@ This page will provide resources for getting started for both VASP administrator
 If you're an administrator or technical leader whose organization is using (or planning to adopt) the TRISA protocol, this section is for you!
 These are the key portions of the documentation you will need to get started:
-- [Joining TRISA]({{< ref "/joining-trisa" >}})
-- [Registering with the Global Directory Service]({{< ref "/joining-trisa/registration" >}})
-- [TRISA FAQ]({{< ref "/reference/faq" >}})
-- [TRISA Glossary]({{< ref "/reference/glossary" >}})
-- [External links and resources for TRISA]({{< ref "/reference" >}})
+- [Joining TRISA]({{% ref "/joining-trisa" %}})
+- [Registering with the Global Directory Service]({{% ref "/joining-trisa/registration" %}})
+- [TRISA FAQ]({{% ref "/reference/faq" %}})
+- [TRISA Glossary]({{% ref "/reference/glossary" %}})
+- [External links and resources for TRISA]({{% ref "/reference" %}})
 Integrating TRISA will require a team of engineers capable of implementing the TRISA protocol. When considering setting up your own server to host your own TRISA node, you must consider items necessary that may incur significant costs and resources, such as the server itself, long-term data storage solution, and developer time to configure and test. If your organization does not have access to a technical team or resources, you may instead choose to integrate with a 3rd-party TRISA solution. A list of some of the commercial TRISA solutions is available in [this guide](https://trisa.io/regulators-guide/).
@@ -40,9 +41,9 @@ Integrating TRISA will require a team of engineers capable of implementing the T
 If you're a developer whose organization is using (or planning to adopt) the TRISA protocol, this section is for you!
 These are the key portions of the documentation you will need to get started:
-- [TRISA Protocol and API]({{< ref "/api" >}})
-- [Working with TRISA Data]({{< ref "/data" >}})
-- [Testing and Deployment]({{< ref "/testing" >}})
+- [TRISA Protocol and API]({{% ref "/api" %}})
+- [Working with TRISA Data]({{% ref "/data" %}})
+- [Testing and Deployment]({{% ref "/testing" %}})
 ### Prerequisites
@@ -72,7 +73,7 @@ If a language beside Go is required, client libraries may be generated from the
 ### Integration Notes
-The TRISA Network protocol defines how data is transferred between participating VASPs. The recommended format for data transferred for identifying information is the [IVMS101 data format]({{< relref "data/ivms" >}}). It is the responsibility of the implementing VASP to ensure the identifying data sent/received satisfies the FATF Travel Rule.
+The TRISA Network protocol defines how data is transferred between participating VASPs. The recommended format for data transferred for identifying information is the [IVMS101 data format]({{% relref "data/ivms" %}}). It is the responsibility of the implementing VASP to ensure the identifying data sent/received satisfies the FATF Travel Rule.
 The result of a successful TRISA transaction results in a key and encrypted data that satisfies the FATF Travel Rule. TRISA does not define how this data should be stored once obtained. It is the responsibility of the implementing VASP to handle the secure storage of the resulting data for the transaction.
@@ -80,6 +81,6 @@ Some other considerations you will need to make to be prepared to fully integrat
 1. How will your TRISA endpoint integrate with your existing backend systems?
 2. How will you handle key management (e.g. your own private keys as well as the public keys of your counterparties)?
-3. Are you prepared to store [envelopes]({{< ref "/data/envelopes" >}}) securely and in compliance with privacy regulations once you have received them from your counterparties?
+3. Are you prepared to store [envelopes]({{% ref "/data/envelopes" %}}) securely and in compliance with privacy regulations once you have received them from your counterparties?
-For more considerations, see our [Best Practices]({{< ref "/reference/best-practices" >}}) documentation.
+For more considerations, see our [Best Practices]({{% ref "/reference/best-practices" %}}) documentation.
diff --git a/docs/content/getting-started/_index.fr.md b/docs/content/getting-started/_index.fr.md
index a54aa435..5fdb26b6 100644
--- a/docs/content/getting-started/_index.fr.md
+++ b/docs/content/getting-started/_index.fr.md
@@ -3,7 +3,7 @@ title: L'intégration
 date: 2021-04-23T01:35:35-04:00
 lastmod: 2021-10-13T14:47:18-04:00
 description: "Décrit comment intégrer le protocole TRISA dans le TestNet."
-weight: 20
+weight: 5
 ---
 ## Aperçu de l'intégration TRISA
diff --git a/docs/content/getting-started/_index.ja.md b/docs/content/getting-started/_index.ja.md
index 8b935c2a..20dbe0c6 100644
--- a/docs/content/getting-started/_index.ja.md
+++ b/docs/content/getting-started/_index.ja.md
@@ -3,7 +3,7 @@ title: TRISAプロトコルをTestNetに統合する方法について説明し
 date: 2021-04-23T01:35:35-04:00
 lastmod: 2021-10-22T12:37:52-04:00
 description: "TRISAプロトコルをTestNetに統合する方法について説明します"
-weight: 20
+weight: 5
 ---
 ## TRISA統合の概要
diff --git a/docs/content/getting-started/_index.zh.md b/docs/content/getting-started/_index.zh.md
index 14abc896..09473380 100644
--- a/docs/content/getting-started/_index.zh.md
+++ b/docs/content/getting-started/_index.zh.md
@@ -3,7 +3,7 @@ title: 集成概述
 date: 2021-04-23T01:35:35-04:00
 lastmod: 2021-10-13T15:23:16-04:00
 description: "描述如何在TestNet中集成TRISA协议"
-weight: 20
+weight: 5
 ---
 ## TRISA集成概述
diff --git a/docs/content/joining-trisa/_index.de.md b/docs/content/joining-trisa/_index.de.md
new file mode 100644
index 00000000..afc4c476
--- /dev/null
+++ b/docs/content/joining-trisa/_index.de.md
@@ -0,0 +1,18 @@
+---
+title: Joining TRISA
+date: 2022-06-17T09:15:46-04:00
+lastmod: 2022-06-17T16:53:39-04:00
+description: "Describes How to Join TRISA"
+weight: 10
+---
+
+This portion of the documentation describes how to become a TRISA member so that you can receive Identity Certificates and use them to perform secure information transfers with other VASPs.
+
+To join the TRISA network, you must [register]({{% ref "/joining-trisa/registration" %}}) with the TRISA [Global Directory Service (GDS)]({{% ref "/gds" %}}).
+
+The mechanics of registration include two important workflows:
+
+1. A KYV review process to ensure the network maintains trusted membership
+2. Certificate issuance for mTLS authentication in the network
+
+Next, learn more about the [process of registration]({{% ref "/joining-trisa/registration" %}}).
diff --git a/docs/content/joining-trisa/_index.en.md b/docs/content/joining-trisa/_index.en.md
index 881a4f79..afc4c476 100644
--- a/docs/content/joining-trisa/_index.en.md
+++ b/docs/content/joining-trisa/_index.en.md
@@ -3,16 +3,16 @@ title: Joining TRISA
 date: 2022-06-17T09:15:46-04:00
 lastmod: 2022-06-17T16:53:39-04:00
 description: "Describes How to Join TRISA"
-weight: 15
+weight: 10
 ---
 This portion of the documentation describes how to become a TRISA member so that you can receive Identity Certificates and use them to perform secure information transfers with other VASPs.
-To join the TRISA network, you must [register]({{< ref "/joining-trisa/registration" >}}) with the TRISA [Global Directory Service (GDS)]({{< ref "/gds" >}}).
+To join the TRISA network, you must [register]({{% ref "/joining-trisa/registration" %}}) with the TRISA [Global Directory Service (GDS)]({{% ref "/gds" %}}).
 The mechanics of registration include two important workflows:
 1. A KYV review process to ensure the network maintains trusted membership
 2. Certificate issuance for mTLS authentication in the network
-Next, learn more about the [process of registration]({{< ref "/joining-trisa/registration" >}}).
+Next, learn more about the [process of registration]({{% ref "/joining-trisa/registration" %}}).
diff --git a/docs/content/joining-trisa/_index.fr.md b/docs/content/joining-trisa/_index.fr.md
new file mode 100644
index 00000000..afc4c476
--- /dev/null
+++ b/docs/content/joining-trisa/_index.fr.md
@@ -0,0 +1,18 @@
+---
+title: Joining TRISA
+date: 2022-06-17T09:15:46-04:00
+lastmod: 2022-06-17T16:53:39-04:00
+description: "Describes How to Join TRISA"
+weight: 10
+---
+
+This portion of the documentation describes how to become a TRISA member so that you can receive Identity Certificates and use them to perform secure information transfers with other VASPs.
+
+To join the TRISA network, you must [register]({{% ref "/joining-trisa/registration" %}}) with the TRISA [Global Directory Service (GDS)]({{% ref "/gds" %}}).
+
+The mechanics of registration include two important workflows:
+
+1. A KYV review process to ensure the network maintains trusted membership
+2. Certificate issuance for mTLS authentication in the network
+
+Next, learn more about the [process of registration]({{% ref "/joining-trisa/registration" %}}).
diff --git a/docs/content/joining-trisa/_index.ja.md b/docs/content/joining-trisa/_index.ja.md
new file mode 100644
index 00000000..afc4c476
--- /dev/null
+++ b/docs/content/joining-trisa/_index.ja.md
@@ -0,0 +1,18 @@
+---
+title: Joining TRISA
+date: 2022-06-17T09:15:46-04:00
+lastmod: 2022-06-17T16:53:39-04:00
+description: "Describes How to Join TRISA"
+weight: 10
+---
+
+This portion of the documentation describes how to become a TRISA member so that you can receive Identity Certificates and use them to perform secure information transfers with other VASPs.
+
+To join the TRISA network, you must [register]({{% ref "/joining-trisa/registration" %}}) with the TRISA [Global Directory Service (GDS)]({{% ref "/gds" %}}).
+
+The mechanics of registration include two important workflows:
+
+1. A KYV review process to ensure the network maintains trusted membership
+2. Certificate issuance for mTLS authentication in the network
+
+Next, learn more about the [process of registration]({{% ref "/joining-trisa/registration" %}}).
diff --git a/docs/content/joining-trisa/_index.zh.md b/docs/content/joining-trisa/_index.zh.md
new file mode 100644
index 00000000..afc4c476
--- /dev/null
+++ b/docs/content/joining-trisa/_index.zh.md
@@ -0,0 +1,18 @@
+---
+title: Joining TRISA
+date: 2022-06-17T09:15:46-04:00
+lastmod: 2022-06-17T16:53:39-04:00
+description: "Describes How to Join TRISA"
+weight: 10
+---
+
+This portion of the documentation describes how to become a TRISA member so that you can receive Identity Certificates and use them to perform secure information transfers with other VASPs.
+
+To join the TRISA network, you must [register]({{% ref "/joining-trisa/registration" %}}) with the TRISA [Global Directory Service (GDS)]({{% ref "/gds" %}}).
+
+The mechanics of registration include two important workflows:
+
+1. A KYV review process to ensure the network maintains trusted membership
+2. Certificate issuance for mTLS authentication in the network
+
+Next, learn more about the [process of registration]({{% ref "/joining-trisa/registration" %}}).
diff --git a/docs/content/joining-trisa/ca.de.md b/docs/content/joining-trisa/ca.de.md
deleted file mode 100644
index db58c9ba..00000000
--- a/docs/content/joining-trisa/ca.de.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-title: "Sectigo"
-date: 2020-12-24T07:58:37-05:00
-lastmod: 2021-10-08T16:25:00-05:00
-description: "Interaktionen des Verzeichnisdienstes mit der Sectigo CA API"
-weight: 50
----
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/directory/pkg/sectigo.svg)](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-
-Der TRISA-Verzeichnisdienst stellt Zertifikate mit der Sectigo-Zertifizierungsstelle über sein IoT-Portal aus. Da der Verzeichnisdienst öffentliches Schlüsselmaterial sammeln muss, um einen ersten vertrauenswürdigen Handshake für mTLS zu ermöglichen, verwendet er die Sectigo IoT Manager API als Teil des VASP-Registrierungs- und Verifizierungsprozesses. Das Paket `github.com/trisacrypto/directory/pkg/sectigo` ist eine Go-Bibliothek für die Interaktion mit der API und implementiert die vom Verzeichnisdienst benötigten Endpunkte und Methoden. Das TestNet bietet auch ein Kommandozeilenprogramm für die Interaktion mit der API zu Verwaltungs- und Debuggingzwecken. Diese Dokumentation beschreibt das Befehlszeilendienstprogramm, das auch einen Überblick darüber gibt, wie man die API direkt zum Ausstellen und Widerrufen von Zertifikaten verwendet.
-
-Referenzmaterial:
-
-- [Paketdokumentation](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-- [IoT Manager API-Dokumentation](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvCJ)
-- [IoT-Manager-Portal](https://iot.sectigo.com)
-
-## Erste Schritte
-
-Um das `sectigo` CLI-Dienstprogramm zu installieren, laden Sie entweder eine vorkompilierte Binärdatei von [Releases auf GitHub](https://github.com/trisacrypto/directory/releases) herunter oder installieren Sie es lokal mit:
-
-```
-$ go get github.com/trisacrypto/directory/cmd/sectigo
-```
-
-Dies fügt den `sectigo` Befehl zu Ihrem `$PATH` hinzu.
-
-## Authentifizierung
-
-Der erste Schritt ist die Authentifizierung.
Sie sollten Ihren Benutzernamen und Ihr Passwort in den Umgebungsvariablen `$SECTIGO_USERNAME` und `$SECTIGO_PASSWORD` setzen (alternativ können Sie sie als Parameter in der Kommandozeile übergeben). Um Ihren Authentifizierungsstatus zu überprüfen, verwenden Sie:
-
-```
-$ sectigo auth
-```
-
-Die API authentifiziert sich mit Benutzername und Passwort und gibt dann Zugriffs- und Aktualisierungs-Tokens zurück, die in einer lokalen Cache-Datei gespeichert werden. Um zu sehen, wo Ihr Cache gespeichert ist, verwenden Sie:
-
-```
-$ sectigo auth --cache
-```
-
-Wenn Sie den Status Ihrer Anmeldeinformationen überprüfen möchten, z. B. ob die Zugriffstoken gültig, auffrischbar oder abgelaufen sind, verwenden Sie:
-
-```
-$ sectigo auth --debug
-```
-
-## Autoritäten und Profile
-
-Um mit den Zertifikaten zu arbeiten, müssen Sie die Autoritäten und Profile auflisten, auf die Ihr Benutzerkonto Zugriff hat.
-
-```
-$ sectigo authorities
-[
- {
- "id": 1,
- "ecosystemId": 100,
- "signerCertificateId": 0,
- "ecosystemName": "TRISA",
- "balance": 10,
- "enabled": true,
- "profileId": 42,
- "profileName": "TRISA Profile"
- }
-]
-```
-
-Die Autorität zeigt die Methoden und Profile an, unter denen Zertifikate erstellt werden. Hier ist das Feld `profileId` sehr wichtig für die Verwendung in nachfolgenden Aufrufen. Sie können auch sehen, wie viele Lizenzen über alle Autoritäten hinweg wie folgt bestellt/ausgestellt wurden:
-
-```
-$ sectigo licenses
-{
- "ordered": 2,
- "issued": 2
-}
-```
-
-Um Detailinformationen für ein Profil zu erhalten, verwenden Sie profileId mit dem folgenden Befehl:
-
-```
-$ sectigo profiles -i 42
-```
-
-Dies gibt die rohe Profilkonfiguration zurück.
Bevor Sie Zertifikate mit der Autorität erstellen, müssen Sie die erforderlichen Profilparameter kennen:
-
-```
-$ sectigo profile -i 42 --params
-```
-
-## Erstellen von Zertifikaten
-
-Sie können die Erstellung eines Zertifikats mit den Parametern `commonName` und `pkcs12Password` wie folgt anfordern (beachten Sie, dass Sie für Profile, die andere Parameter erfordern, direkt die Codebasis verwenden und Ihre eigene Methode implementieren müssen):
-
-```
-$ sectigo create -a 42 -d example.com -p secrtpasswrd -b "example.com certs"
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-Das Flag `-a` gibt die Autorität an, sollte aber eine Profil-ID sein. Die Domäne muss eine gültige Domäne sein. Wenn Sie kein Passwort angeben, wird eines für Sie generiert und vor dem Beenden auf der CLI ausgegeben. Das Flag `-b` gibt einen von Menschen lesbaren Namen für die Batch-Erstellung an. Die Rückgabedaten zeigen Details über den erstellten Stapelzertifikatsauftrag; Um den Status zu überprüfen, können Sie die Daten wie folgt abrufen:
-
-```
-$ sectigo batches -i 24
-```
-
-Sie können auch Informationen über die Verarbeitung des Stapels erhalten:
-
-```
-$ sectigo batches -i 24 --status
-```
-
-Sobald der Stapel erstellt ist, ist es an der Zeit, die Zertifikate in einer ZIP-Datei herunterzuladen:
-
-```
-$ sectigo download -i 24 -o certs/
-```
-
-Dadurch wird die Batch-Datei (normalerweise batchId.zip, in diesem Fall 24.zip) in das Verzeichnis `certs/` heruntergeladen.
Entpacken Sie die certs und entschlüsseln Sie die Datei .pem wie folgt:
-
-```
-$ unzip certs/24.zip
-$ openssl pkcs12 -in certs/example.com.p12 -out certs/example.com.pem -nodes
-```
-
-Weitere Informationen zur Arbeit mit der PKCS12-Datei finden Sie unter [Exportieren von Zertifikaten und privaten Schlüsseln aus einer PKCS#12-Datei mit OpenSSL](https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/).
-
-## Hochladen einer CSR
-
-Eine Alternative zur Zertifikatserstellung ist das Hochladen eines Certificate Signing Request (CSR). Dieser Mechanismus ist oft vorzuziehen, da er bedeutet, dass kein privates Schlüsselmaterial über das Netzwerk übertragen werden muss und der private Schlüssel auf sicherer Hardware verbleiben kann.
-
-Um eine CSR mit `openssl` auf der Kommandozeile zu erzeugen, erstellen Sie zunächst eine Konfigurationsdatei mit dem Namen `trisa.conf` in Ihrem aktuellen Arbeitsverzeichnis, wobei Sie `example.com` durch die Domain ersetzen, auf der Sie Ihren TRISA-Endpunkt hosten wollen:
-
-```conf
-[req]
-distinguished_name = dn_req
-req_extensions = v3ext_req
-prompt = no
-default_bits = 4096
-[dn_req]
-CN = example.com
-O = [Organization]
-L = [City]
-ST = [State or Province (vollständig buchstabiert, keine Abkürzungen)]
-C = [2 digit country code]
-[v3ext_req]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment, nonRepudiation
-extendedKeyUsage = clientAuth, serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = example.com
-```
-
-Bitte füllen Sie die Konfiguration für Ihr Zertifikat sorgfältig aus. Diese Informationen müssen korrekt sein und können nicht geändert werden, ohne dass das Zertifikat neu ausgestellt wird. Achten Sie auch darauf, dass nach den Einträgen in der Konfiguration keine Leerzeichen stehen!
-
-Führen Sie anschließend den folgenden Befehl aus und ersetzen Sie dabei `example.com` durch den Namen der Domäne, die Sie als TRISA-Endpunkt verwenden werden:
-
-```
-$ openssl req -new -newkey rsa:4096 -nodes -sha384 -config trisa.conf \
- -keyout example.com.key -out example.com.csr
-```
-
-Anschließend können Sie die CSR mithilfe des CLI-Programms wie folgt hochladen:
-
-```
-$ sectigo upload -p 42 .csr
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-Das Flag `-p` gibt das Profil an, mit dem die CSR-Batch-Anforderung verwendet werden soll, und muss eine gültige profileId sein. Bei den hochgeladenen CSRs kann es sich um eine einzelne Textdatei mit mehreren CSRs im PEM-Format handeln, wobei Standard-BEGIN/END-Trennzeichen verwendet werden.
-
-## Verwaltung von Zertifikaten
-
-Sie können nach einem Zertifikat über den Namen oder die Seriennummer suchen, aber meistens sollten Sie nach der Domain oder dem Common Name suchen, um die Seriennummer zu erhalten:
-
-```
-$ sectigo find -n example.com
-```
-
-Sobald Sie die Seriennummer erhalten haben, können Sie das Zertifikat wie folgt widerrufen:
-
-```
-$ sectigo revoke -p 42 -r "cessation of operation" -s 12345
-```
-
-Dieser Befehl erwartet die Profil-ID, die das Zertifikat ausgestellt hat, mit dem Flag `-p`, einen [RFC 5280 Reason Code](https://tools.ietf.org/html/rfc5280#section-5.3.1), der über das Flag `-r` übergeben wird (standardmäßig nicht spezifiziert), und die Seriennummer des Zertifikats mit dem Flag `-s`. Wenn dieser Befehl keinen Fehler auslöst, wurde das Zertifikat erfolgreich widerrufen.
-
-Die RFC 5280 Reason Codes sind:
-
-- "unspecified"
-- "keycompromise"
-- "ca compromise"
-- "affiliation changed"
-- "superseded"
-- "cessation of operation"
-- "certificate hold"
-- "remove from crl"
-- "privilege withdrawn"
-- "aa compromise"
-
-Beachten Sie, dass bei der Angabe des Reason Codes zwischen Leerzeichen und Groß-/Kleinschreibung nicht unterschieden wird.
diff --git a/docs/content/joining-trisa/ca.fr.md b/docs/content/joining-trisa/ca.fr.md
deleted file mode 100644
index 9dfeccaf..00000000
--- a/docs/content/joining-trisa/ca.fr.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-title: "Sectigo"
-date: 2020-12-24T07:58:37-05:00
-lastmod: 2021-10-13T14:41:50-05:00
-description: "Interactions des services d'annuaire avec l'API du CA de Sectigo"
-weight: 50
----
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/directory/pkg/sectigo.svg)](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-
-Le service d'annuaire TRISA émet des certificats en utilisant l'autorité de certification Sectigo via son portail IdO. Comme le service d'annuaire doit collecter des clés publiques afin de faciliter la création d’une liaison de confiance initiale pour mTLS, il utilise le gestionnaire IdO de l'API de Sectigo dans le cadre du processus d'enregistrement et de vérification VASP. Le paquet `github.com/trisacrypto/directory/pkg/sectigo` est une bibliothèque Go pour interagir avec l'API, implémentant les terminaisons ainsi que les méthodes requises par le service d'annuaire. Le TestNet fournit également un utilitaire en ligne de commande pour interagir avec l'API à des fins d'administration et de débogage. Cette documentation décrit l'utilitaire de ligne de commande, qui donne également un aperçu de la façon d'utiliser l'API directement pour émettre et révoquer des certificats.
-
-Notes de référence :
-
-- [Documentation des paquets](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-- [Documentation du gestionnaire IdO de l'API](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvCJ)
-- [Portail du Gestionnaire IdO](https://iot.sectigo.com)
-
-## Démarrage
-
-Pour installer l’utilitaire CLI de `sectigo`, téléchargez un binaire précompilé à partir du site [disponible sur GitHub](https://github.com/trisacrypto/directory/releases), ou bien installez le localement à l'aide du programme:
-
-```
-$ go get github.com/trisacrypto/directory/cmd/sectigo
-```
-
-Ceci ajoutera la commande `sectigo` à votre `$PATH`.
-
-## Authentification
-
-La première étape est l'authentification, vous devez définir votre nom d'utilisateur et votre mot de passe dans les champs variables `$SECTIGO_USERNAME` et `$SECTIGO_PASSWORD` (alternativement les passer en paramètre de ligne de commande). Pour vérifier votre statut d'authentification, vous pouvez utiliser :
-
-```
-$ sectigo auth
-```
-
-L'API authentifie par nom d'utilisateur et mot de passe, puis renvoie des jetons d'accès et d'actualisation qui sont stockés dans un fichier cache local. Pour savoir où est stocké votre cache :
-
-```
-$ sectigo auth --cache
-```
-
-Si vous souhaitez vérifier l'état de vos informations d'identification, par exemple si les jetons d'accès sont valides, actualisables ou expirés, utilisez :
-
-```
-$ sectigo auth --debug
-```
-
-## Autorités et profils
-
-Pour commencer à interagir avec les certificats, vous devez répertorier les autorités et les profils auxquels votre compte utilisateur a accès.
-
-```
-$ sectigo authorities
-[
- {
- "id": 1,
- "ecosystemId": 100,
- "signerCertificateId": 0,
- "ecosystemName": "TRISA",
- "balance": 10,
- "enabled": true,
- "profileId": 42,
- "profileName": "TRISA Profile"
- }
-]
-```
-
-L'autorité affiche les méthodes et les profils par lesquels les certificats sont créés. Ici, le champ `profileId` est très important pour être utilisé dans les requêtes ultérieures. Vous pouvez également voir combien de licences ont été commandées/émises pour toutes les autorités comme suit :
-
-```
-$ sectigo licenses
-{
- "ordered": 2,
- "issued": 2
-}
-```
-
-Pour obtenir des informations détaillées sur un profil, utilisez le profileId avec la commande suivante :
-
-```
-$ sectigo profiles -i 42
-```
-
-Cela renverra la configuration brute du profil.
Avant de créer des certificats avec l'autorité, vous devez connaître les paramètres de profil requis :
-
-```
-$ sectigo profile -i 42 --params
-```
-
-## Création des Certificats
-
-Vous pouvez demander la création d'un certificat avec les paramètres `commonName` et `pkcs12Password` comme suit (note : pour les profils nécessitant d'autres paramètres, vous devrez utiliser directement la base de code et implémenter votre propre méthode) :
-
-```
-$ sectigo create -a 42 -d example.com -p secrtpasswrd -b "example.com certs"
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-Le champ `-a` spécifie l'autorité, mais doit être un id de profil. Le domaine doit être un domaine valide. Si vous ne spécifiez pas de mot de passe, un mot de passe est généré pour vous et imprimé sur le CLI avant la sortie. Le champ `-b` donne un nom lisible par l'homme pour la création des lots de certificats. Les données retournées donnent des détails sur la tâche de création des lots ; vous pouvez récupérer les données pour continuer à vérifier l'état comme suit :
-
-```
-$ sectigo batches -i 24
-```
-
-Vous pouvez également obtenir des informations sur le traitement du lot :
-
-```
-$ sectigo batches -i 24 --status
-```
-
-Une fois le lot créé, il ne reste plus qu'à télécharger les certificats dans un fichier ZIP :
-
-```
-$ sectigo download -i 24 -o certs/
-```
-
-Cela téléchargera le lot de fichiers (généralement batchId.zip, 24.zip dans ce cas) vers le répertoire `certs/`.
Décompressez les certificats puis décryptez le fichier .pem comme suit :
-
-```
-$ unzip certs/24.zip
-$ openssl pkcs12 -in certs/example.com.p12 -out certs/example.com.pem -nodes
-```
-
-Pour plus d'informations relatives au fichier PKCS12, voir [Exportation des certificats et clés privées à partir d'un fichier PKCS#12 avec OpenSSL](https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/).
-
-## Chargement d'un CSR
-
-Une alternative à la création d'un certificat consiste à uploader une demande de signature de certificat (CSR). Ce mécanisme est souvent préférable car il signifie qu'aucun élément de clé privée ne doit être transmis sur le réseau et que la clé privée peut rester sur un support matériel sécurisé.
-
-Pour générer un CSR en utilisant `openssl` en CLI, créez tout d’abord un fichier de configuration nommé `trisa.conf` dans votre répertoire courant en remplaçant `example.com` par le nom de domaine dans lequel vous souhaitez héberger votre terminal TRISA :
-
-```conf
-[req]
-distinguished_name = dn_req
-req_extensions = v3ext_req
-prompt = no
-default_bits = 4096
-[dn_req]
-CN = example.com
-O = [Organization]
-L = [City]
-ST = [State or Province (en toutes lettres, sans abréviations)]
-C = [2 digit country code]
-[v3ext_req]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment, nonRepudiation
-extendedKeyUsage = clientAuth, serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = example.com
-```
-
-Veuillez remplir soigneusement la configuration de votre certificat, ces informations doivent être correctes et ne peuvent être modifiées sans réémettre le certificat. Assurez-vous également qu'il n'y a pas d'espace après les données de la configuration !
-
-Puis exécutez la commande suivante, en remplaçant `example.com` par le nom de domaine que vous utiliserez comme terminaison TRISA :
-
-```
-$ openssl req -new -newkey rsa:4096 -nodes -sha384 -config trisa.conf \
- -keyout example.com.key -out example.com.csr
-```
-
-Vous pouvez ensuite charger le CSR via le CLI comme suit :
-
-```
-$ sectigo upload -p 42 .csr
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-Le champ `-p` spécifie le profil à utiliser pour la requête de lot de CSR et doit être un ID de profil valide. Les CSR chargés peuvent être un fichier texte unique contenant plusieurs CSR au format PEM avec des séparateurs standards BEGIN/END.
-
-## Gestion des Certificats
-
-Vous pouvez rechercher un certificat par nom ou par numéro de série, mais le plus souvent on recherche par domaine ou par nom commun pour obtenir le numéro de série :
-
-```
-$ sectigo find -n example.com
-```
-
-Une fois le numéro de série obtenu, vous pouvez révoquer le certificat comme suit :
-
-```
-$ sectigo revoke -p 42 -r "cessation of operation" -s 12345
-```
-
-Cette commande vérifie l’ID du profil qui a émis le certificat avec le champ `-p` le [RFC 5280 code du motif](https://tools.ietf.org/html/rfc5280#section-5.3.1) transmis via le champ `-r` (non spécifié par défaut) et le numéro de série du certificat en utilisant le champ `-s`. Si cette commande ne présente pas d'erreur, alors le certificat a été révoqué avec succès.
-
-Les motifs du RFC 5280 :
-
-- "unspecified"
-- "keycompromise"
-- "ca compromise"
-- "affiliation changed"
-- "superseded"
-- "cessation of operation"
-- "certificate hold"
-- "remove from crl"
-- "privilege withdrawn"
-- "aa compromise"
-
-Notez que le motif est insensible aux espaces et à la casse.
diff --git a/docs/content/joining-trisa/ca.ja.md b/docs/content/joining-trisa/ca.ja.md
deleted file mode 100644
index 0e43a9ec..00000000
--- a/docs/content/joining-trisa/ca.ja.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-title: "Sectigo"
-date: 2020-12-24T07:58:37-05:00
-lastmod: 2022-10-22T12:34:20-05:00
-description: "ディレクトリサービスとSectigoCAAPIとのやり取り"
-weight: 50
----
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/directory/pkg/sectigo.svg)](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-
-TRISAディレクトリサービスは、IoTポータル経由でSectigo認証局を使用して証明書を発行します。 ディレクトリサービスは、mTLSの最初の信頼できるハンドシェイクを容易にするために公開鍵マテリアルを収集する必要があるため、VASP登録および検証プロセスの一部としてSectigo IoT マネジャーAPIを使用します。 `github.com/trisacrypto/directory/pkg/sectigo`パッケージは、APIと対話し、ディレクトリサービスに必要なエンドポイントとメソッドを実装するための行けライブラリです。テストネットは、管理およびデバッグの目的でAPIと対話するためのコマンドラインユーティリティも提供します。 このドキュメントでは、コマンドラインユーティリティについて説明します。このユーティリティでは、APIを直接使用して証明書を発行および取り消す方法の概要も説明しています。
-
-参考資料:
-
-- [パッケージドキュメント](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-- [IoT マネジャーAPI ドキュメンテーション](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvCJ)
-- [IoT Manager Portal](https://iot.sectigo.com)
-
-## 取得開始
-
-`sectigo` CLIユーティリティをインストールするには、[GitHubのリリース](https://github.com/trisacrypto/directory/releases) からコンパイル済みのバイナリをダウンロードします またはローカルにインストール使用:
-
-```
-$ go get github.com/trisacrypto/directory/cmd/sectigo
-```
-
-これにより、 `sectigo`コマンドが` $PATH`に追加されます。
-
-## 認証
-
-最初のステップは認証です。ユーザー名とパスワードを `$SECTIGO_USERNAME`と` $SECTIGO_PASSWORD`環境変数に設定する必要があります(または、コマンドラインでパラメーターとして渡すこともできます)。認証ステータスを確認するには、次を使用できます。
-
-```
-$ sectigo auth
-```
-
-APIはユーザー名とパスワードで認証し、ローカルキャッシュファイルに保存されているアクセストークンと更新トークンを返します。 キャッシュが保存されている場所を確認するには:
-
-```
-$ sectigo auth --cache
-```
-
-クレデンシャルの状態を確認したい場合、例: アクセストークンが有効、更新可能、または期限切れの場合は、次を使用します。
-
-```
-$ sectigo auth --debug
-```
-
-## 当局とプロフィール
-
-証明書の操作を開始するには、ユーザーアカウントがアクセスできる権限とプロファイルを一覧表示する必要があります。
-
-```
-$ sectigo authorities
-[
- {
- "id": 1,
- "ecosystemId": 100,
- "signerCertificateId": 0,
- "ecosystemName": "TRISA",
- "balance": 10,
- "enabled": true,
- "profileId": 42,
- "profileName": "TRISA Profile"
- }
-]
-```
-
-権限は、証明書が作成されるメソッドとプロファイルを表示します。 ここで、 `profileId`フィールドは、後続の呼び出しで使用するために非常に重要です。 次のように、すべての機関で注文/発行されたライセンスの数を確認することもできます。
-
-```
-$ sectigo licenses
-{
- "ordered": 2,
- "issued": 2
-}
-```
-
-プロファイルの詳細情報を取得するには、次のコマンドでprofileIdを使用します。
-
-```
-$ sectigo profiles -i 42
-```
-
-これにより、生のプロファイル構成が返されます。 権限で証明書を作成する前に、必要なプロファイルパラメータを知っておく必要があります。
-
-```
-$ sectigo profile -i 42 --params
-```
-
-## 証明書の作成
-
-次のように、`commonName`および` pkcs12Password`パラメーターを使用して証明書の作成を要求できます(他のパラメーターを必要とするプロファイルについては、コードベースを直接使用して独自のメソッドを実装する必要があります)。
-
-```
-$ sectigo create -a 42 -d example.com -p secrtpasswrd -b "example.com certs"
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-`-a`フラグは権限を指定しますが、プロファイルIDである必要があります。 ドメインは有効なドメインである必要があります。パスワードを指定しない場合、パスワードが生成され、終了する前にCLIに出力されます。 `-b`フラグは、バッチ作成に人間が読める形式の名前を付けます。戻りデータには、作成されたバッチ証明書ジョブに関する詳細が表示されます。次のように、データをフェッチしてステータスをチェックし続けることができます。
-
-```
-$ sectigo batches -i 24
-```
-
-バッチの処理情報を取得することもできます。
-
-```
-$ sectigo batches -i 24 --status
-```
-
-バッチが作成されたら、ジップファイルで証明書をダウンロードします。
-
-```
-$ sectigo download -i 24 -o certs/
-```
-
-これにより、バッチファイル(通常はbatchId.zip、この場合は24.zip)が `certs/`ディレクトリにダウンロードされます。 証明書を解凍してから、次のように.pemファイルを復号化します。
-
-```
-$ unzip certs/24.zip
-$ openssl pkcs12 -in certs/example.com.p12 -out certs/example.com.pem -nodes
-```
-
-PKCS12ファイルの操作の詳細については、を参照してください[オープンSSLを使用してPKCS#12ファイルから証明書と秘密鍵をエクスポートする](https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/).
-
-## CSRのアップロード
-
-証明書を作成する代わりに、証明書署名要求(CSR)をアップロードすることもできます。 このメカニズムは、秘密鍵の素材をネットワーク経由で送信する必要がなく、秘密鍵を安全なハードウェアに残すことができるため、多くの場合望ましいものです。
-
-コマンドラインで `openssl`を使用してCSRを生成するには、最初に現在の作業ディレクトリに` trisa.conf`という名前の構成ファイルを作成し、`example.com`をTRISAエンドポイントをホストする予定のドメインに置き換えます。
-
-```conf
-[req]
-distinguished_name = dn_req
-req_extensions = v3ext_req
-prompt = no
-default_bits = 4096
-[dn_req]
-CN = example.com
-O = [Organization]
-L = [City]
-ST = [State or Province (完全にスペルアウトされ、略語はありません)]
-C = [2 digit country code]
-[v3ext_req]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment, nonRepudiation
-extendedKeyUsage = clientAuth, serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = example.com
-```
-
-証明書の構成を慎重に入力してください。この情報は正しくなければならず、証明書を再発行せずに変更することはできません。また、構成のエントリの後にスペースがないことを確認してください。
-
-次に、次のコマンドを実行し、`example.com`をTRISAエンドポイントとして使用するドメイン名に置き換えます。
-
-```
-$ openssl req -new -newkey rsa:4096 -nodes -sha384 -config trisa.conf \
- -keyout example.com.key -out example.com.csr
-```
-
-次に、CLIプログラムを使用して次のようにCSRをアップロードできます。
-
-```
-$ sectigo upload -p 42 .csr
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-`-p`フラグは、CSRバッチ要求を使用するプロファイルを指定し、有効なプロファイルIDである必要があります。アップロードされたCSRは、標準のベギン/終了セパレーターを使用して、PEM形式の複数のCSRを含む単一のテキストファイルにすることができます。
-
-##証明書の管理
-
-名前またはシリアル番号で証明書を検索できますが、ほとんどの場合、ドメインまたは一般名で検索してシリアル番号を取得します。
-
-```
-$ sectigo find -n example.com
-```
-
-シリアル番号を取得したら、次のように証明書を取り消すことができます。
-
-```
-$ sectigo revoke -p 42 -r "cessation of operation" -s 12345
-```
-
-このコマンドは、 `-p`フラグが付いた証明書を発行したプロファイルID、[RFC 5280理由コード](https://tools.ietf.org/html/rfc5280#section-5.3.1) が`を介して渡されることを想定しています。 -r`フラグ(デフォルトでは指定されていません)、および `-s`フラグを使用した証明書のシリアル番号。このコマンドでエラーが発生しない場合、証明書は正常に取り消されています。
-
-RFC5280の理由は次のとおりです。
-
-- "unspecified"
-- "keycompromise"
-- "ca compromise"
-- "affiliation changed"
-- "superseded"
-- "cessation of operation"
-- "certificate hold"
-- "remove from crl"
-- "privilege withdrawn"
-- "aa compromise"
-
-理由は空白と大文字と小文字を区別しないことに注意してください。
diff --git a/docs/content/joining-trisa/ca.zh.md b/docs/content/joining-trisa/ca.zh.md
deleted file mode 100644
index b465bd6b..00000000
--- a/docs/content/joining-trisa/ca.zh.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-title: "Sectigo"
-date: 2020-12-24T07:58:37-05:00
-lastmod: 2021-10-13T15:16:54-05:00
-description: "目录服务与Sectigo CA API的交互"
-weight: 50
----
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/directory/pkg/sectigo.svg)](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-
-TRISA目录服务通过IoT门户使用Sectigo证书颁发机构颁发证书。由于目录服务必须收集公钥信息,以推进mTLS的初始信任握手,因此它使用Sectigo IoT Manager API作为VASP注册和验证过程的一部分。`github.com/trisacrypto/directory/pkg/sectigo`包是一个用于与API交互以及实现目录服务所需的端点和方法的Go库。TestNet还提供了一个命令行公用程序,用于与API进行交互,以实现管理和调试目的。本文档描述了命令行公用程序,还概述了如何直接使用API来颁发和撤销证书。
-
-参考资料:
-
-- [软件包文档](https://pkg.go.dev/github.com/trisacrypto/directory/pkg/sectigo)
-- [IoT Manager API 文档](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvCJ)
-- [IoT Manager 门户网站](https://iot.sectigo.com)
-
-## 开始
-
-如需安装`sectigo` CLI实用程序,可从[GitHub发布的文件](https://github.com/trisacrypto/directory/releases)下载预编译的二进制文件,或者使用以下命令在本地安装:
-
-```
-$ go get github.com/trisacrypto/directory/cmd/sectigo
-```
-
-此操作将添加`sectigo`命令到您的`$PATH`。
-
-## 身份验证
-
-第一步是身份验证,您应该在`$SECTIGO_USERNAME`和`$SECTIGO_PASSWORD`环境变量中设置您的用户名和密码(或者您可以在命令行中将它们作为参数传递)。如需验证您的身份验证状态,您可以使用以下命令:
-
-```
-$ sectigo auth
-```
-
-API通过用户名和密码进行身份验证,然后返回访问权限以及存储在本地缓存文件中的刷新令牌。查看缓存的存储位置:
-
-```
-$ sectigo auth --cache
-```
-
-如果您想检查凭据状态,例如访问令牌是否有效、可刷新或已过期,请使用:
-
-```
-$ sectigo auth --debug
-```
-
-## 权限和配置文件
-
-开始与证书交互前,您需要列出您的用户账户可以访问的权限和配置文件。
-
-```
-$ sectigo authorities
-[
- {
- "id": 1,
- "ecosystemId": 100,
- "signerCertificateId": 0,
- "ecosystemName": "TRISA",
- "balance": 10,
- "enabled": true,
- "profileId": 42,
- "profileName": "TRISA Profile"
- }
-]
-```
-
-权限显示创建证书所依附的方法和概要文件。这里的`profileId`字段对于在后续调用中的使用非常重要。您还可以通过如下命令查看权限中已经订购/颁发了多少许可证:
-
-```
-$ sectigo licenses
-{
- "ordered": 2,
- "issued": 2
-}
-```
-
-如需获取配置文件的详细信息,请通过以下命令来使用profileId:
-
-```
-$ sectigo profiles -i 42
-```
-
-此操作将返回原始配置文件的配置。在使用权限创建证书之前,您需要知道所需的配置文件参数:
-
-```
-$ sectigo profile -i 42 --params
-```
-
-## 创建证书
-
-您可以请求用`commonName`和`pkcs12Password`参数创建一个证书,如下所示(注意,对于需要其他参数的配置文件,您必须直接使用代码库并实现自己的方法):
-
-```
-$ sectigo create -a 42 -d example.com -p secrtpasswrd -b "example.com certs"
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-`-a`标志指定权限,但它应该是配置文件id。域名必须有效。如果您没有指定密码,则会为您生成一个密码,并在退出之前显示在CLI中。`-b`标志为批处理创建提供了一个人类可读的名称。返回数据显示创建的批处理证书作业的详细信息;您可以使用以下命令获取数据,以继续查看状态:
-
-```
-$ sectigo batches -i 24
-```
-
-您还可以获取批处理信息:
-
-```
-$ sectigo batches -i 24 --status
-```
-
-一旦创建批处理,就该下载ZIP文件中的证书了:
-
-```
-$ sectigo download -i 24 -o certs/
-```
-
-此操作将下载批处理文件(通常为batchId.zip,在本例中是24.zip)到`certs/`目录。解压缩certs,然后通过以下命令对.pem文件进行解密:
-
-```
-$ unzip certs/24.zip
-$ openssl pkcs12 -in certs/example.com.p12 -out certs/example.com.pem -nodes
-```
-
-有关使用PKCS12文件的更多信息,请参见[使用OpenSSL从PKCS#12文件导出证书和私钥](https://www.ssl.com/how-to/export-certificates-private-key-from-pkcs12-file-with-openssl/)。
-
-## 上传CSR
-
-创建证书的另一种方法是上传证书签名请求(CSR)。这种机制通常更可取,因为它意味着不需要通过网络传输私钥信息,而且私钥可以保存在安全的硬件中。
-
-如需在命令行中使用`openssl`生成CSR,首先在您的当前工作目录中创建一个名为`trisa.conf`的配置文件,通过以下命令用您打算托管TRISA端点的域名替换`example.com`:
-
-```conf
-[req]
-distinguished_name = dn_req
-req_extensions = v3ext_req
-prompt = no
-default_bits = 4096
-[dn_req]
-CN = example.com
-O = [Organization]
-L = [City]
-ST = [State or Province (完整拼出,勿使用缩写)]
-C = [2 digit country code]
-[v3ext_req]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment, nonRepudiation
-extendedKeyUsage = clientAuth, serverAuth
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = example.com
-```
-
-请仔细填写您的证书配置,信息必须正确无误,所填信息无法在不重新颁发证书的情况下更改。还要确保配置中的条目后面没有空格!
-
-然后将`example.com`替换为您将使用的TRISA端点的域名,并运行以下命令:
-
-```
-$ openssl req -new -newkey rsa:4096 -nodes -sha384 -config trisa.conf \
- -keyout example.com.key -out example.com.csr
-```
-
-然后可以通过如下命令使用CLI程序上传CSR:
-
-```
-$ sectigo upload -p 42 .csr
-{
- "batchId": 24,
- "orderNumber": 1024,
- "creationDate": "2020-12-10T16:35:32.805+0000",
- "profile": "TRISA Profile",
- "size": 1,
- "status": "CREATED",
- "active": false,
- "batchName": "example.com certs",
- "rejectReason": "",
- "generatorParametersValues": null,
- "userId": 10,
- "downloadable": true,
- "rejectable": true
-}
-```
-
-`-p`标志指定使用CSR批处理请求的配置文件,并且必须是一个有效的profileId。上传的CSR可以是一个文本文件,包含多个使用标准BEGIN/END分隔符的PEM格式的CSR。
-
-## 管理证书
-
-您可以按名称或序列号搜索证书,但通常情况下,您按域名或通用名称搜索来获得序列号:
-
-```
-$ sectigo find -n example.com
-```
-
-一旦您获得序列号,您可以通过以下命令撤销证书:
-
-```
-$ sectigo revoke -p 42 -r "cessation of operation" -s 12345
-```
-
-此命令需要使用`-p`标志颁发证书的配置文件id,一个通过`-r`标志传递(默认未指定)的[RFC 5280 原因码](https://tools.ietf.org/html/rfc5280#section-5.3.1),以及使用`-s`标志的证书序列号。如果此命令没有错误,则证书已被成功撤销。
-
-RFC 5280原因包括:
-
-- "unspecified"
-- "keycompromise"
-- "ca compromise"
-- "affiliation changed"
-- "superseded"
-- "cessation of operation"
-- "certificate hold"
-- "remove from crl"
-- "privilege withdrawn"
-- "aa compromise"
-
-请注意,原因不区分空格和大小写。
diff --git a/docs/content/joining-trisa/registration.en.md b/docs/content/joining-trisa/registration.en.md
index 829e904d..e61017c2 100644
--- a/docs/content/joining-trisa/registration.en.md
+++ b/docs/content/joining-trisa/registration.en.md
@@ -8,19 +8,19 @@ weight: 20
 Before you can integrate the TRISA protocol into your VASP software, you must [register](https://vaspdirectory.net/guide) with the TRISA Global Directory Service (GDS).
-The TRISA Global Directory Service (GDS) provides public key and TRISA remote peer connection information for registered VASPs. For more detailed information about the directory, see the documentation on the [GDS]({{< ref "/gds" >}}).
+The TRISA Global Directory Service (GDS) provides public key and TRISA remote peer connection information for registered VASPs. For more detailed information about the directory, see the documentation on the [GDS]().
 Once you have registered and been verified, you will receive Identity Certificates. The public key in these certificates will be made available to other VASPs via the GDS. When registering with the GDS, you will need to provide the `address:port` endpoint where your VASP implements the TRISA Network service. This address will be registered with the GDS and utilized by other VASPs when your VASP is identified as the beneficiary VASP.
-For integration purposes, when you [register](https://vaspdirectory.net/guide) with the GDS, you can opt for either MainNet or TestNet Certificates, or both. The TestNet instance is designed for [testing]({{< ref "/testing" >}}), and the registration process is streamlined in the TestNet to facilitate quick integration. The MainNet is design for production Travel Rule implementations. It is recommended to register for both MainNet and TestNet, specifying different endpoints to reduce confusion for your VASP counterparties.
+For integration purposes, when you [register](https://vaspdirectory.net/guide) with the GDS, you can opt for either MainNet or TestNet Certificates, or both. The TestNet instance is designed for [testing](), and the registration process is streamlined in the TestNet to facilitate quick integration. The MainNet is design for production Travel Rule implementations. It is recommended to register for both MainNet and TestNet, specifying different endpoints to reduce confusion for your VASP counterparties.
 ### Directory Service Registration
 To start your registration, visit [https://vaspdirectory.net/](https://vaspdirectory.net/guide). You will first need to create an account, and then log in using that account to start the registration process. Note that you can use this website to enter your registration details on a field-by-field basis, or to upload a JSON document containing your registration details.
-One of the key pieces of information you'll need is your TRIXO Form. Below is an excerpt of some of the key fields in the TRIXO form, which provides information about transaction thresholds, currency types, and applicable regulators. Frequently, several people at an organization (e.g. legal, technical, administrative points-of-contact) need to collaborate to complete the needed information. To see the TRIXO form in full, see the [TRIXO documentation]({{< ref "/joining-trisa/trixo" >}}).
+One of the key pieces of information you'll need is your TRIXO Form. Below is an excerpt of some of the key fields in the TRIXO form, which provides information about transaction thresholds, currency types, and applicable regulators. Frequently, several people at an organization (e.g. legal, technical, administrative points-of-contact) need to collaborate to complete the needed information. To see the TRIXO form in full, see the [TRIXO documentation]().
 ```json
@@ -44,11 +44,11 @@ One of the key pieces of information you'll need is your TRIXO Form. Below is an
 }
 ```
-The final step of registration will be a [pkcs12 password]({{< ref "/joining-trisa/pkcs12" >}}), which you must keep to decrypt the Identity Certificates that will be sent via email.
+The final step of registration will be a [pkcs12 password](), which you must keep to decrypt the Identity Certificates that will be sent via email.
 This registration will result in an email being sent to all the technical contacts specified through the webform or in the JSON file. The emails will guide you through the remainder of the registration process. Once you’ve completed the registration steps, TRISA administrators will receive your registration for review.
-Once the administrators have reviewed and approved the registration, you will receive [pkcs12 password]({{< ref "/joining-trisa/pkcs12" >}})-protected, compressed Identity Certificate via email and your VASP will be publicly visible in the GDS.
+Once the administrators have reviewed and approved the registration, you will receive [pkcs12 password]()-protected, compressed Identity Certificate via email and your VASP will be publicly visible in the GDS.
 ## Certificate Issuance
diff --git a/docs/content/joining-trisa/trixo.en.md b/docs/content/joining-trisa/trixo.en.md
index da1baa84..e8673def 100644
--- a/docs/content/joining-trisa/trixo.en.md
+++ b/docs/content/joining-trisa/trixo.en.md
@@ -8,7 +8,7 @@ weight: 21
 The purpose of the TRIXO questionnaire is to provide responses to a common set of questions VASPs might ask each other before exchanging Travel Rule information.
-When [registering for TRISA membership]({{< ref "/joining-trisa/registration" >}}), applicants must submit their TRIXO questionnaire in JSON form (shown below) as part of their application. After a VASP has been issued certificates, these TRIXO details are logged in the [TRISA Global Directory Service]({{< ref "/gds" >}}) to facilitate member lookups and mutual verification ahead of information exchanges.
+When [registering for TRISA membership]({{% ref "/joining-trisa/registration" %}}), applicants must submit their TRIXO questionnaire in JSON form (shown below) as part of their application. After a VASP has been issued certificates, these TRIXO details are logged in the [TRISA Global Directory Service]({{% ref "/gds" %}}) to facilitate member lookups and mutual verification ahead of information exchanges.
 #### JSON Formatting
diff --git a/docs/content/joining-trisa/verification.en.md b/docs/content/joining-trisa/verification.en.md
index d7e26e7f..9330539f 100644
--- a/docs/content/joining-trisa/verification.en.md
+++ b/docs/content/joining-trisa/verification.en.md
@@ -6,7 +6,7 @@ description: "Domain Verification"
 weight: 70
 ---
-The [TRISA Certificate Authority]({{< relref "/ca" >}}) issues [x509 certificates](https://sectigo.com/resource-library/what-is-x509-certificate) for mTLS authentication in its peer-to-peer network. These certificates are dependent on the verified ownership of a domain name that is used both in the _common name_ of the certificate (CN) as well as the _subject alternative name_ (SAN) extension of the certificate. Your TRISA node must be hosted at a domain name that is in the SAN field of the certificate otherwise mTLS connections will fail.
+The [TRISA Certificate Authority]({{% relref "/ca" %}}) issues [x509 certificates](https://sectigo.com/resource-library/what-is-x509-certificate) for mTLS authentication in its peer-to-peer network. These certificates are dependent on the verified ownership of a domain name that is used both in the _common name_ of the certificate (CN) as well as the _subject alternative name_ (SAN) extension of the certificate. Your TRISA node must be hosted at a domain name that is in the SAN field of the certificate otherwise mTLS connections will fail.
 {{% notice note %}}
 The domain that you host your TRISA node, e.g. `trisa.example.com` must be the common name of your TRISA Identity Certificates and _must_ match the endpoint of your TRISA directory record, e.g. `trisa.example.com:443`. If not, TRISA peers will be unable to connect to your TRISA node using mTLS. If you are using multiple domain names, please contact TRISA support for assistance.
diff --git a/docs/content/openvasp/_index.en.md b/docs/content/openvasp/_index.en.md
index d8c9bb02..f88a5e1f 100644
--- a/docs/content/openvasp/_index.en.md
+++ b/docs/content/openvasp/_index.en.md
@@ -20,8 +20,8 @@ In principle, then, a TRISA node must add an HTTP service to its node to accept
 ### Next Steps:
-1. [Integrating a TRP Bridge Handler into your TRISA node]({{< ref "bridge" >}})
-2. [Making Outgoing TRP Requests]({{< ref "client" >}})
+1. [Integrating a TRP Bridge Handler into your TRISA node]()
+2. [Making Outgoing TRP Requests]()
 ## Considerations
@@ -39,7 +39,7 @@ Welcome, thank you for checking out TRISA! The best thing you can do for integra
 If you're interested in implementing the extensions for key exchange and parsing secure envelopes, you're more than welcome to use the Golang code in this library to get you started! If you're implementation is in another language, [please let us know](https://github.com/trisacrypto/trisa/issues) so that we can create library code to help you implement secure PII transfers.
-Please see the [Getting Started Guide]({{< ref "getting-started" >}}) for more on how to implement TRISA-specific protocol details using the extensions.
+Please see the [Getting Started Guide]() for more on how to implement TRISA-specific protocol details using the extensions.
 ### Policies
diff --git a/docs/content/reference/best-practices.en.md b/docs/content/reference/best-practices.en.md
index bae10d1e..f4106ad6 100644
--- a/docs/content/reference/best-practices.en.md
+++ b/docs/content/reference/best-practices.en.md
@@ -10,7 +10,7 @@ weight: 10
 TRISA recommends that Travel Rule information transfers be stored post-transfer as encrypted Secure Envelope protocol buffers. The unsealing keys for these envelopes should be stored separately, and should be deleted once the compliance period has ended, rendering the Envelopes un-openable. This is commonly referred to as "deletion by erasure". Note that compliance periods differ by region and jurisdiction but are typically between 5 and 7 years.
 ## Key Management
-TRISA recommends that TRISA implementers use the [Key Handler package]({{< relref "data/keys">}}) for key management.
+TRISA recommends that TRISA implementers use the [Key Handler package]({{% relref "data/keys" %}}) for key management.
 ## Throughput
 Depending on the volume of Travel Rule transactions that your organization executes on a regular basis, you may wish to consider using the bidirectional streaming mode, `TransferStream`, which will support more throughput.
@@ -18,4 +18,4 @@ Depending on the volume of Travel Rule transactions that your organization execu
 ## Deployment
 For deployment, TRISA implementers should be prepared to install their Identity Certificates (which will need to be reissued and reinstalled on an annual basis) to support routine and possibly long-running mTLS connections.
-Implementers must also ensure that their existing databases are configured to support responding to routine Travel Rule information requests. Additional storage may be needed to store the results of these requests (e.g. encrypted [Secure Envelopes]({{< ref "/data/envelopes" >}})).
\ No newline at end of file
+Implementers must also ensure that their existing databases are configured to support responding to routine Travel Rule information requests. Additional storage may be needed to store the results of these requests (e.g. encrypted [Secure Envelopes]()).
\ No newline at end of file
diff --git a/docs/content/reference/faq.en.md b/docs/content/reference/faq.en.md
index 73f6dc08..0486eea3 100644
--- a/docs/content/reference/faq.en.md
+++ b/docs/content/reference/faq.en.md
@@ -20,7 +20,7 @@ Read more about TRISA in the [TRISA whitepaper](https://trisa.io/trisa-whitepape
 ## How does TRISA work?
-TRISA creates a mechanism for VASPs to exchange Travel Rule data packets by performing remote procedure calls using [gRPC]({{< relref "reference/faq#grpc" >}}) via [mTLS]({{< relref "reference/faq#mtls" >}}) connection. VASPs format the data as protocol buffers that contain details such as [IVMS101]({{< relref "reference/faq#ivms" >}}) identity and transaction payload data.
+TRISA creates a mechanism for VASPs to exchange Travel Rule data packets by performing remote procedure calls using [gRPC]({{% relref "reference/faq#grpc" %}}) via [mTLS]({{% relref "reference/faq#mtls" %}}) connection. VASPs format the data as protocol buffers that contain details such as [IVMS101]({{% relref "reference/faq#ivms" %}}) identity and transaction payload data.
 TRISA maintains open source [Github repositories](https://github.com/trisacrypto) available to VASPs as they build, test, and deploy their TRISA node into production.
@@ -40,7 +40,7 @@ TRISA centralizes a small component of the protocol by acting as a certificate a
 TRISA safeguards Personally Identifiable Information (PII) in flight and at rest.
-In flight, [secure envelopes]({{< relref "reference/faq#envelope" >}}) are exchanged over an mTLS encrypted channel created using the identity certificates issued by the TRISA network. TRISA members can use each other's public key addresses to open a secure line of communication to transmit users’ PII.
+In flight, [secure envelopes]({{% relref "reference/faq#envelope" %}}) are exchanged over an mTLS encrypted channel created using the identity certificates issued by the TRISA network. TRISA members can use each other's public key addresses to open a secure line of communication to transmit users’ PII.
 TRISA uses a trusted Certified Authority (CA) model, and only verified VASPs are granted certificates from the CA. Certificate authorities offer a root of trust to anchor identities to a chain of trusted entities. The CA model safeguards against a single point of failure, provides protection from attacks, and is scalable to accommodate the growing crypto landscape.
@@ -73,7 +73,7 @@ Secure Envelopes wrap the identity and blockchain transaction payloads, applying
 ![secure envelopes](/img/secure_envelopes.png).
-The [Secure Envelope documentation]({{< ref "/data/envelopes" >}}) discusses its implementation further.
+The [Secure Envelope documentation]() discusses its implementation further.
 ## How does mTLS work? {##mtls}
@@ -89,11 +89,11 @@ Depending on your business details, specific fields may be required. For more in
 There is an [IVMS 101 Validator](https://ivmsvalidator.com/) which can be used to double check the formatting of an IVMS101 message to ensure it is correct.
-For help marshaling and unmarshaling [IVMS101 identity payloads]({{< relref "data/ivms" >}}), see the documentation about the [`ivms101` package in `trisa`](https://github.com/trisacrypto/trisa/tree/main/pkg/ivms101).
+For help marshaling and unmarshaling [IVMS101 identity payloads]({{% relref "data/ivms" %}}), see the documentation about the [`ivms101` package in `trisa`](https://github.com/trisacrypto/trisa/tree/main/pkg/ivms101).
 ## How do I figure out where to connect to the counterparty? How do I get counterparty IVMS 101 info?
-As part of the protocol, the Originator can use the [Global Directory Service]({{< relref "reference/faq#gds" >}}) to lookup the counterpoint endpoint, and sends a secure envelope providing their IVMS101 details. The Beneficiary can then verify and store the counterparty PII information needed for compliance. Next the Beneficiary can return a new secure envelope with their IVMS101 details so that the Originator can store the information for compliance.
+As part of the protocol, the Originator can use the [Global Directory Service]({{% relref "reference/faq#gds" %}}) to lookup the counterpoint endpoint, and sends a secure envelope providing their IVMS101 details. The Beneficiary can then verify and store the counterparty PII information needed for compliance. Next the Beneficiary can return a new secure envelope with their IVMS101 details so that the Originator can store the information for compliance.
 ## Why gRPC? {##grpc}
@@ -105,6 +105,6 @@ The use of gRPC also facilitates convenient encryption at rest to ensure that PI
 ## What's the difference between TestNet and MainNet?
-The [TestNet]({{< ref "/testing" >}}) is a sandbox environment that allows VASPs to test securely sharing the cryptocurrency transaction details required to meet the FATF Travel Rule requirements. The TestNet includes [“robot” VASPs]({{< ref "/testing/rvasps" >}}) that give users the ability to interact with the TestNet by simulating transactions to see how secure transactions are conducted. Once a VASP completes testing, the VASP can switch to MainNet, where live transactions take place.
+The [TestNet]({{% ref "/testing" %}}) is a sandbox environment that allows VASPs to test securely sharing the cryptocurrency transaction details required to meet the FATF Travel Rule requirements. The TestNet includes [“robot” VASPs]({{% ref "/testing/rvasps" %}}) that give users the ability to interact with the TestNet by simulating transactions to see how secure transactions are conducted. Once a VASP completes testing, the VASP can switch to MainNet, where live transactions take place.
 It’s important to note that the reason that there are two networks is because those networks are issued from different intermediate certificate authorities. A VASP that has been issued a TestNet certificate cannot connect to a node that is running on MainNet and vice versa. In other words, the MainNet certificate authority will not recognize TestNet certificates. When you [submit a request for TRISA certificates](https://vaspdirectory.net/guide), you may simultaneously request certificates for TestNet and MainNet.
diff --git a/docs/content/testing/_index.en.md b/docs/content/testing/_index.en.md
index 79cb13a2..954e4a84 100644
--- a/docs/content/testing/_index.en.md
+++ b/docs/content/testing/_index.en.md
@@ -8,17 +8,17 @@ weight: 30
 The TRISA TestNet has been established to provide a demonstration of the TRISA peer-to-peer protocol, host "robot VASP" services to facilitate TRISA integration, and facilitate public key exchange and peer discovery via TRISA's Global Directory Service (GDS). The TestNet instance is designed for testing, and the registration process is streamlined in the TestNet to facilitate quick integration. The Testnet enables you to test and validate transactions that share sensitive information safely and securely.
-For reference, the [TRISA Protocol documentation]({{< relref "api/protocol">}}) provides additional information on enabling the peer-to-peer exchange of compliance information.
+For reference, the [TRISA Protocol documentation]({{% relref "api/protocol" %}}) provides additional information on enabling the peer-to-peer exchange of compliance information.
 The TRISA TestNet is comprised of several services, including:
-- A TestNet [Certificate Authority]({{< relref "joining-trisa/ca">}}) that issues TestNet Identity Certificates (*note that these are distinct from MainNet certificates and not interchangeable*).
+- A TestNet [Certificate Authority]({{% relref "joining-trisa/ca" %}}) that issues TestNet Identity Certificates (*note that these are distinct from MainNet certificates and not interchangeable*).
 - [TRISA Directory Service](https://vaspdirectory.net/) - a user interface to explore the TRISA Global Directory Service and register to become a TRISA member
 - [TestNet Demo](https://vaspbot.net) - a demo site to show TRISA interactions between “robot” VASPs that run in the TestNet
-The TestNet also hosts three ["robot VASPs" (rVASPs)]({{< relref "testing/rvasps">}}) that have been implemented as a convenience for TRISA members to integrate their TRISA services and validate the compliance solution safely. The primary rVASP is Alice, a secondary for demo purposes is Bob, and an "evil" rVASP to test interactions with non-verified TRISA members.
+The TestNet also hosts three ["robot VASPs" (rVASPs)]({{% relref "testing/rvasps" %}}) that have been implemented as a convenience for TRISA members to integrate their TRISA services and validate the compliance solution safely. The primary rVASP is Alice, a secondary for demo purposes is Bob, and an "evil" rVASP to test interactions with non-verified TRISA members.
-The TestNet also provides a [command line utility]({{< relref "testing/trisa-cli">}}) for interacting with the API for administrative and debugging purposes, using the testnet certificates.
+The TestNet also provides a [command line utility]({{% relref "testing/trisa-cli" %}}) for interacting with the API for administrative and debugging purposes, using the testnet certificates.
 ![TestNet Architecture](/img/testnet_architecture.png)
@@ -30,4 +30,4 @@ The following steps are required to join the TestNet:
 2. Complete the VASP Verification form and due diligence process. Once approved, you will gain access to the TestNet.
-3. Set up your TRISA node and implement the [TRISA API]({{< relref "/api">}}).
+3. Set up your TRISA node and implement the [TRISA API]({{% relref "/api" %}}).
diff --git a/docs/content/testing/rvasps.de.md b/docs/content/testing/rvasps.de.md
index 6147a69b..f1ac73ce 100644
--- a/docs/content/testing/rvasps.de.md
+++ b/docs/content/testing/rvasps.de.md
@@ -46,7 +46,7 @@ Wenn Sie ein Traveler-Kunde sind, haben die fettgedruckten Adressen oben einige ### Präliminarien -In dieser Dokumentation wird davon ausgegangen, dass Sie einen Dienst haben, der den neuesten `TRISANetwork`-Dienst ausführt, und dass er im TRISA TestNet registriert ist und TestNet-Zertifikate korrekt installiert hat. Weitere Informationen finden Sie in der [TRISA-Integrationsübersicht]({{< ref "getting-started/_index.md" >}}). **WARNUNG**: Die rVASPs nehmen nicht am TRISA-Produktionsnetz teil, sie antworten nur auf verifizierte TRISA TestNet mTLS-Verbindungen. +In dieser Dokumentation wird davon ausgegangen, dass Sie einen Dienst haben, der den neuesten `TRISANetwork`-Dienst ausführt, und dass er im TRISA TestNet registriert ist und TestNet-Zertifikate korrekt installiert hat. Weitere Informationen finden Sie in der [TRISA-Integrationsübersicht](). **WARNUNG**: Die rVASPs nehmen nicht am TRISA-Produktionsnetz teil, sie antworten nur auf verifizierte TRISA TestNet mTLS-Verbindungen. Um mit der rVASP-API zu interagieren, können Sie entweder: diff --git a/docs/content/testing/rvasps.en.md b/docs/content/testing/rvasps.en.md index 20378c0c..bd678fa9 100644 --- a/docs/content/testing/rvasps.en.md +++ b/docs/content/testing/rvasps.en.md 
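Review bot: The new line in this hunk drops the link target entirely — `[TRISA-Integrationsübersicht]()` — so the rendered page carries a link to nowhere, whereas the fr/ja/zh hunks of this commit convert the shortcode instead of removing it. The same empty target appears in the rvasps.en.md hunk at -62,7 (`[ TRISA Integration Overview]()`). Unless the getting-started page was intentionally removed (in which case the fr/ja/zh references would also break), the converted form should be used here too: `[TRISA-Integrationsübersicht]({{% ref "getting-started/_index.md" %}})`, and `[ TRISA Integration Overview]({{% ref "getting-started/_index.md" %}})` in the English file.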
@@ -62,7 +62,7 @@ There are two wallets for each customer to support wallet addresses that look li ### Preliminaries -This documentation assumes that you have a service that is running the latest `TRISANetwork` service and that this service has been registered in the TRISA TestNet and has TestNet certificates correctly installed. See [ TRISA Integration Overview]({{< ref "getting-started/_index.md" >}}) for more information. **WARNING**: the rVASPs do not participate in the TRISA production network. They will only respond to verified TRISA TestNet mTLS connections. +This documentation assumes that you have a service that is running the latest `TRISANetwork` service and that this service has been registered in the TRISA TestNet and has TestNet certificates correctly installed. See [ TRISA Integration Overview]() for more information. **WARNING**: the rVASPs do not participate in the TRISA production network. They will only respond to verified TRISA TestNet mTLS connections. To interact with the rVASP API, you may either: @@ -169,7 +169,7 @@ The identity payload cannot be null and must be valid IVMS101, but may be partia Create a sealed envelope using either the directory service or direct key exchange to fetch the rVASP RSA public keys and use `AES256-GCM` and `HMAC-SHA256` as the envelope cryptography. Then, use the `TRISANetwork` service `Transfer` RPC to send the sealed envelope to the rVASP. -See [Secure Envelopes]({{< ref "data/envelopes" >}}) for more on how to compose a valid secure envelope for transfers and the [TRISA CLI]({{< ref "testing/trisa-cli" >}}) for more on how to use a command line application for sending transfers. +See [Secure Envelopes]({{% ref "data/envelopes" %}}) for more on how to compose a valid secure envelope for transfers and the [TRISA CLI]({{% ref "testing/trisa-cli" %}}) for more on how to use a command line application for sending transfers. #### Beneficiary Policies 
diff --git a/docs/content/testing/rvasps.fr.md b/docs/content/testing/rvasps.fr.md index 4ac7d0c0..b20ccbdb 100644 --- a/docs/content/testing/rvasps.fr.md +++ b/docs/content/testing/rvasps.fr.md @@ -46,7 +46,7 @@ Si vous êtes un client de Traveler, les adresses en gras ci-dessus sont associ ### Préliminaires -Cette documentation suppose que vous avez un service qui exécute la dernière version du service `TRISANetwork` et qu'il a été enregistré dans le TestNet TRISA et que les certificats TestNet sont correctement installés. Voir [Vue d'ensemble de l'intégration de TRISA]({{< ref "getting-started/_index.md" >}}) pour plus d’informations. **AVERTISSEMENT**: les rVASP ne participent pas au réseau de production TRISA, ils ne répondent qu'aux connexions mTLS vérifiées de TRISA TestNet. +Cette documentation suppose que vous avez un service qui exécute la dernière version du service `TRISANetwork` et qu'il a été enregistré dans le TestNet TRISA et que les certificats TestNet sont correctement installés. Voir [Vue d'ensemble de l'intégration de TRISA]({{% ref "getting-started/_index.md" %}}) pour plus d’informations. **AVERTISSEMENT**: les rVASP ne participent pas au réseau de production TRISA, ils ne répondent qu'aux connexions mTLS vérifiées de TRISA TestNet. Pour interagir avec l'API rVASP, vous pouvez soit : diff --git a/docs/content/testing/rvasps.ja.md b/docs/content/testing/rvasps.ja.md index 5ac733f9..4cc24dce 100644 --- a/docs/content/testing/rvasps.ja.md +++ b/docs/content/testing/rvasps.ja.md 
@@ -46,7 +46,7 @@ rVASPには、偽のウォレットアドレスを持つ偽の顧客のデータ ### 予選 -このドキュメントは、最新の「TRISA ネットワーク」サービスを実行しているサービスがあり、そのサービスがTRISA TestNetに登録されており、TestNet証明書が正しくインストールされていることを前提としています。 [TRISA統合の概要を参照してください]({{< ref "getting-started/_index.md" >}}) 詳細については。 **警告**: rVASPはTRISAネットワークに参加せず、検証済みのTRISA TestNet mTLS接続にのみ応答します。 +このドキュメントは、最新の「TRISA ネットワーク」サービスを実行しているサービスがあり、そのサービスがTRISA TestNetに登録されており、TestNet証明書が正しくインストールされていることを前提としています。 [TRISA統合の概要を参照してください]({{% ref "getting-started/_index.md" %}}) 詳細については。 **警告**: rVASPはTRISAネットワークに参加せず、検証済みのTRISA TestNet mTLS接続にのみ応答します。 rVASP APIと対話するには、次のいずれかを実行できます。 diff --git a/docs/content/testing/rvasps.zh.md b/docs/content/testing/rvasps.zh.md index 55f9c313..7deb9d10 100644 --- a/docs/content/testing/rvasps.zh.md +++ b/docs/content/testing/rvasps.zh.md @@ -46,7 +46,7 @@ rVASP有一个内置的数据库,里面存储着带有假钱包地址的假客 ### 条件 -本文档假设您有一个正在运行最新`TRISANetwork`的服务,并且它已经在TRISA TestNet中注册,并且正确地安装了TestNet证书。参见[TRISA 集成概况]({{< ref "getting-started/_index.md" >}})了解更多信息。**警告**: rVASP不参与TRISA工作网络,他们将只响应已验证的TRISA TestNet mTLS连接。 +本文档假设您有一个正在运行最新`TRISANetwork`的服务,并且它已经在TRISA TestNet中注册,并且正确地安装了TestNet证书。参见[TRISA 集成概况]({{% ref "getting-started/_index.md" %}})了解更多信息。**警告**: rVASP不参与TRISA工作网络,他们将只响应已验证的TRISA TestNet mTLS连接。 要与rVASP API交互,您可以: diff --git a/docs/content/testing/trisa-cli.en.md b/docs/content/testing/trisa-cli.en.md index 40088286..fb73d991 100644 --- a/docs/content/testing/trisa-cli.en.md +++ b/docs/content/testing/trisa-cli.en.md 
@@ -24,7 +24,7 @@ Before you can start using the TRISA CLI, you must first configure your environm **Prerequisites**: 1. The `trisa` command installed and on your `$PATH` -2. Your [testnet certificates]({{< ref "/joining-trisa/registration" >}}) that include both the trust chain and private key. +2. Your [testnet certificates]({{% ref "/joining-trisa/registration" %}}) that include both the trust chain and private key. The TRISA CLI command is configured via flags specified for each command or by setting environment variables in your shell with the configuration. The CLI also supports the use of [.env](https://platform.sh/blog/2021/we-need-to-talk-about-the-env/) files in the current working directory for configuration. To see what CLI flags should be specified use `trisa --help`. An example `.env` configuration file is as follows: @@ -73,7 +73,7 @@ To create a complete envelope or a fully sealed envelope, simply specify the pub ## Sealing -To seal an envelope you must have the public keys of the recipient, see [the key exchanges section]({{< relref "#key-exchanges" >}}) for more detail on how to retrieve the public sealing key of a remote peer. Once you've exchanged keys and saved them to disk, you can seal an unsealed envelope with the following command: +To seal an envelope you must have the public keys of the recipient, see [the key exchanges section]({{% relref "#key-exchanges" %}}) for more detail on how to retrieve the public sealing key of a remote peer. Once you've exchanged keys and saved them to disk, you can seal an unsealed envelope with the following command: ``` $ trisa seal -in unsealed_envelope.json -out sealed_evelope.json -seal public.pem 
@@ -158,7 +158,7 @@ You can also use a secure envelope payload template to seal and transfer an enve $ trisa transfer -i outgoing.json -s public_sealing_key.pem ``` -See [sealing secure envelopes]({{< relref "#sealing" >}}) for more information on the command line arguments that can be used to adapt secure envelopes before sending them. +See [sealing secure envelopes]({{% relref "#sealing" %}}) for more information on the command line arguments that can be used to adapt secure envelopes before sending them. If you would like to send an error-only secure envelope to the recipient, then you must supply the envelope ID, error code, and error message as follows: @@ -275,7 +275,7 @@ Categories that may be helpful in filtering: ## Guided Walkthrough -This section contains a guided walkthrough of an interaction with the [Alice rVASP]({{< relref "rvasps.md" >}}) using the CLI. To complete this walkthrough you will need TRISA TestNet certificates issued by the TRISA Global Directory Service, the `trisa` CLI application installed and configured with those certs as discussed at the top of this guide. Ensure that the `$TRISA_DIRECTORY` environment variable is set to `testnet`. +This section contains a guided walkthrough of an interaction with the [Alice rVASP](% relref "rvasps.md" %}}) using the CLI. To complete this walkthrough you will need TRISA TestNet certificates issued by the TRISA Global Directory Service, the `trisa` CLI application installed and configured with those certs as discussed at the top of this guide. Ensure that the `$TRISA_DIRECTORY` environment variable is set to `testnet`. First, perform a TRISA Global Directory search for the Alice VASP: diff --git a/docs/config.toml b/docs/hugo.toml similarity index 86% rename from docs/config.toml rename to docs/hugo.toml index f2927cfd..341c2d40 100644 --- a/docs/config.toml +++ b/docs/hugo.toml 
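Review bot: The replacement in the -275,7 hunk is malformed: `[Alice rVASP](% relref "rvasps.md" %}})` is missing the opening `{{`, so Hugo will not recognise it as a shortcode and the fragment is most likely emitted verbatim into the link target. Every other conversion in this commit uses the full delimiters; this one should read `[Alice rVASP]({{% relref "rvasps.md" %}})`. The -158,7 hunk above it is fine.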
@@ -11,7 +11,7 @@ defaultContentLanguage = "en"
 defaultContentLanguageInSubdir = false
 enableMissingTranslationPlaceholders = false
-[Params]
+[params]
 # Source Code repository section
 description = "TRISA Documentation"
@@ -49,94 +49,106 @@ enableMissingTranslationPlaceholders = false
 disableShortcutsTitle = true
- favicon = "/images/favicon.png"
+ favicon = "favicon.png"
-[Languages]
- [Languages.en]
+ additionalContentLanguage = ['en']
+
+[languages]
+ [languages.en]
 title = "TRISA Documentation"
 weight = 1
 languageName = "English"
+
+ [languages.en.params]
 landingPageName = " Home"
- [[Languages.en.menu.shortcuts]]
+ [[languages.en.menu.shortcuts]]
 name = " Version v1beta1"
 identifier = "ds"
 url = "https://github.com/trisacrypto/trisa"
 weight = 10
- [[Languages.en.menu.shortcuts]]
+ [[languages.en.menu.shortcuts]]
 name = " TRISA API Documentation"
 identifier = "trisadocs"
 url = "https://pkg.go.dev/github.com/trisacrypto/trisa/pkg"
 weight = 11
- [Languages.de]
+ [languages.de]
 title = "TRISA Dokumentation"
 weight = 2
 languageName = "Deutsch"
+
+ [languages.de.params]
 landingPageName = " Startseite"
- [[Languages.de.menu.shortcuts]]
+ [[languages.de.menu.shortcuts]]
 name = " Version v1beta1"
 identifier = "ds"
 url = "https://github.com/trisacrypto/trisa"
 weight = 12
- [[Languages.de.menu.shortcuts]]
+ [[languages.de.menu.shortcuts]]
 name = " TRISA API Documentation"
 identifier = "trisadocs"
 url = "https://pkg.go.dev/github.com/trisacrypto/trisa/pkg"
 weight = 13
- [Languages.fr]
+ [languages.fr]
 title = "Documentation de TRISA"
 weight = 3
 languageName = "Français"
+
+ [languages.fr.params]
 landingPageName = " Accueil"
- [[Languages.fr.menu.shortcuts]]
+ [[languages.fr.menu.shortcuts]]
 name = " Version v1beta1"
 identifier = "ds"
 url = "https://github.com/trisacrypto/trisa"
 weight = 14
- [[Languages.fr.menu.shortcuts]]
+ [[languages.fr.menu.shortcuts]]
 name = " TRISA API Documentation"
 identifier = "trisadocs"
 url = "https://pkg.go.dev/github.com/trisacrypto/trisa/pkg"
 weight = 15
- [Languages.zh]
+ [languages.zh]
 title = "TRISA 文档"
 weight = 4
 languageName = "中文"
+
+ [languages.zh.params]
 landingPageName = " 主页"
- [[Languages.zh.menu.shortcuts]]
+ [[languages.zh.menu.shortcuts]]
 name = " Version v1beta1"
 identifier = "ds"
 url = "https://github.com/trisacrypto/trisa"
 weight = 16
- [[Languages.zh.menu.shortcuts]]
+ [[languages.zh.menu.shortcuts]]
 name = " TRISA API Documentation"
 identifier = "trisadocs"
 url = "https://pkg.go.dev/github.com/trisacrypto/trisa/pkg"
 weight = 17
- [Languages.ja]
+ [languages.ja]
 title = "TRISAのドキュメント"
 weight = 5
 languageName = "日本語"
+
+ [languages.ja.params]
 landingPageName = " ホームページ"
- [[Languages.ja.menu.shortcuts]]
+ [[languages.ja.menu.shortcuts]]
 name = " Version v1beta1"
 identifier = "ds"
 url = "https://github.com/trisacrypto/trisa"
 weight = 18
- [[Languages.ja.menu.shortcuts]]
+ [[languages.ja.menu.shortcuts]]
 name = " TRISA API Documentation"
 identifier = "trisadocs"
 url = "https://pkg.go.dev/github.com/trisacrypto/trisa/pkg"
diff --git a/docs/layouts/partials/custom-footer.html b/docs/layouts/partials/custom-footer.html
index dd3f3615..ae8bf59d 100644
--- a/docs/layouts/partials/custom-footer.html
+++ b/docs/layouts/partials/custom-footer.html
@@ -1,3 +1,4 @@
+
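Review bot: `favicon` changes from the root-absolute `/images/favicon.png` to the bare `favicon.png` near the top of this hunk, which changes where the theme looks for the file, yet nothing in the commit moves or renames that asset; if the upgraded theme resolves the value relative to its own image lookup path this is correct, otherwise the icon silently disappears, so confirm it still renders in the rebuilt site. The new `additionalContentLanguage = ['en']` is likewise uncommented, and a reader unfamiliar with the theme has no way to tell why English is listed. A comment on each would settle both, e.g. `# favicon is resolved by the theme, not from the site root; see theme docs for the lookup path` and `# fall back to the English page when a translation is missing — confirm against theme docs`. The rest of the hunk is the mechanical lower-casing and the move of `landingPageName` under `[languages.xx.params]`, which reads correctly.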