RepoCloudflare (Workers AI)Cloudflare (Workers AI)published Jul 18, 2024seen 5d

cloudflare/plexi

Rust

Open original ↗

Captured source

source ↗
GH
GitHub/github.com/cloudflare/plexi
cloudflare/plexi repository metadata
Source ↗
published Jul 18, 2024seen 5dcaptured 8hhttp 200method plain

cloudflare/plexi

Description: Your Key Transparency auditor companion

Language: Rust

License: Apache-2.0

Stars: 39

Forks: 6

Open issues: 4

Created: 2024-07-18T13:42:07Z

Pushed: 2026-04-23T20:46:29Z

Default branch: main

Fork: no

Archived: no

README:

Plexi

![Plexi banner](./docs/assets/plexi_banner.png)

Plexi is a flexible auditor for Key Transparency systems.

Tables of Content

  • [Features](#features)
  • [Installation](#installation)
  • [Usage](#usage)
  • [Configure your auditor remote](#configure-your-auditor-remote)
  • [List monitored Logs](#list-monitored-logs)
  • [Audit a signature](#audit-a-signature)
  • [Conduct](#conduct)
  • [License](#license)

Features

  • Verify authenticity of a signature, to confirm it has been signed by a given public key
  • Verify the validity of facebook/akd proofs
  • List Logs an Auditor monitors

Installation

| Environment | CLI Command | |:--------------------------------------------------------------|:----------------------| | Cargo (Rust 1.81+) | cargo install plexi |

Usage

Use the --help option for more details about the commands and their options.

plexi [OPTIONS]

Configure your auditor remote

plexi does not come with a default remote auditor, and you will need to choose your own.

You can do so either by passing --remote-url= or setting the PLEXI_REMOTE_URL environment variable.

A common remote is provided below:

| Name | Remote | |:-----------|:------------------------------------------------| | Cloudflare | https://plexi.key-transparency.cloudflare.com |

If you have deployed your own auditor, you can add a remote by filing a GitHub issue.

List monitored Logs

An auditor monitors multiple Logs at once. To discover which Logs an auditor is monitoring, run the following:

plexi ls --remote-url 'https://plexi.key-transparency.cloudflare.com'
whatsapp.key-transparency.v1

Audit a signature

The Key Transparency Auditor vouches for Log validity by ensuring epoch uniqueness. and verifying the associated proof

plexi audit provides information about a given epoch and its validity. It can perform a local audit to confirm the auditor behaviour.

For instance, to verify WhatsApp Log auditted by Cloudflare Auditor, run the following:

> plexi audit --remote-url 'https://plexi.key-transparency.cloudflare.com' --namespace 'whatsapp.key-transparency.v1' --long
Namespace
Name : whatsapp.key-transparency.v1
Ciphersuite : ed25519(protobuf)

Signature (2024-09-23T16:53:45Z)
Epoch height : 489193
Epoch digest : cbe5097ae832a3ae51ad866104ffd4aa1f7479e873fd18df9cb96a02fc91ebfe
Signature : fe94973e19da826487b637c019d3ce52f0c08093ada00b4fe6563e2f8117b4345121342bc33aae249be47979dfe704478e2c18aed86e674df9f934b718949c08
Signature verification: success
Proof verification : success

If you already know the auditor verifying key, you can pass it via --verifying-key. Plexi will verify that the key is advertised by the auditor, and that the signature is valid against it.

plexi audit \
--remote-url 'https://plexi.key-transparency.cloudflare.com' \
--namespace 'whatsapp.key-transparency.v1' \
--verifying-key '2bbfbb39997fdb95feee40ef9f8827de0256732be06f64ed6408cc7e97c7f4d4'

Conduct

Plexi and Cloudflare OpenSource generally follows the Contributor Covenant Code of Conduct. Violating the CoC could result in a warning or a ban to Plexi or any and all repositories in the Cloudflare organization.

License

This project is Licensed under [Apache License, Version 2.0](./LICENSE).

Notability

notability 3.0/10

Low stars, routine new repo