diff --git a/CHANGELOG.md b/CHANGELOG.md index 110a51d8..762932e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ ### Added - Amountless invoices [NUT](https://github.com/cashubtc/nuts/pull/173) [PR](https://github.com/cashubtc/cdk/pull/497) ([thesimplekid]). - `create_time`, `paid_time` to mint and melt quotes [PR](https://github.com/cashubtc/cdk/pull/708) ([thesimplekid]). +- cdk-mint-rpc: Added get mint and melt quotes ttl [PR](https://github.com/cashubtc/cdk/pull/716) ([thesimplekid]). ### Changed - cashu: Move wallet mod to cdk-common ([thesimplekid]). @@ -17,6 +18,8 @@ ### Fixed - Creation of memory sqlite db [PR](https://github.com/cashubtc/cdk/pull/707) ([crodas]). - cdk-cli: Ensure auth wallet is created before attempting to mint pending [PR](https://github.com/cashubtc/cdk/pull/704) ([thesimplekid]). +- cdk-mint-rpc: Adding mint urls was not updating correctly [PR](https://github.com/cashubtc/cdk/pull/716) ([thesimplekid]). +- cdk-mint-rpc: Fixed setting long description [PR](https://github.com/cashubtc/cdk/pull/716) ([thesimplekid]). ## [v0.8.1](https://github.com/cashubtc/cdk/releases/tag/v0.8.1) diff --git a/README.md b/README.md index ebd4d018..72c72979 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,8 @@ For a guide to settings up a development environment see [DEVELOPMENT.md](./DEVE | [18][18] | Payment Requests | :heavy_check_mark: | | [19][19] | Cached responses | :heavy_check_mark: | | [20][20] | Signature on Mint Quote | :heavy_check_mark: | +| [21][21] | Clear Authentication | :heavy_check_mark: | +| [22][22] | Blind Authentication | :heavy_check_mark: | ## Bindings @@ -123,3 +125,5 @@ Please see the [development guide](DEVELOPMENT.md). [18]: https://github.com/cashubtc/nuts/blob/main/18.md [19]: https://github.com/cashubtc/nuts/blob/main/19.md [20]: https://github.com/cashubtc/nuts/blob/main/20.md +[20]: https://github.com/cashubtc/nuts/blob/main/21.md +[20]: https://github.com/cashubtc/nuts/blob/main/22.md diff --git a/crates/cdk-mint-rpc/CERTIFICATES.md b/crates/cdk-mint-rpc/CERTIFICATES.md new file mode 100644 index 00000000..16a3b445 --- /dev/null +++ b/crates/cdk-mint-rpc/CERTIFICATES.md @@ -0,0 +1,82 @@ +# gRPC TLS Certificate Generation Guide + +This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server. + +## Overview + +The script generates the following certificates and keys: +- Certificate Authority (CA) certificate and key +- Server certificate and key +- Client certificate and key + +All certificates are generated in PEM format, which is commonly used in Unix/Linux systems. + +## Prerequisites + +- OpenSSL installed on your system +- Bash shell environment + +## Generated Files + +The script will create the following files: +- `ca.key` - Certificate Authority private key +- `ca.pem` - Certificate Authority certificate +- `server.key` - Server private key +- `server.pem` - Server certificate +- `client.key` - Client private key +- `client.pem` - Client certificate + +## Usage + +1. Make the script executable: + ```bash + chmod +x generate_certs.sh + ``` +2. Run the script: + ```bash + ./generate_certs.sh + ``` + +## Certificate Details + +### Certificate Authority (CA) +- 4096-bit RSA key +- Valid for 365 days +- Used to sign both server and client certificates + +### Server Certificate +- 4096-bit RSA key +- Valid for 365 days +- Includes Subject Alternative Names (SAN): + - DNS: localhost + - DNS: my-server + - IP: 127.0.0.1 + +### Client Certificate +- 4096-bit RSA key +- Valid for 365 days +- Used for client authentication + +## Verification + +The script includes verification steps to ensure the certificates are properly generated: +```bash +# Verify server certificate +openssl verify -CAfile ca.pem server.pem + +# Verify client certificate +openssl verify -CAfile ca.pem client.pem +``` + +## Security Notes + +1. Keep private keys (*.key files) secure and never share them +2. The CA certificate (ca.pem) needs to be distributed to both client and server +3. Server needs: + - server.key + - server.pem + - ca.pem +4. Client needs: + - client.key + - client.pem + - ca.pem diff --git a/crates/cdk-mint-rpc/README.md b/crates/cdk-mint-rpc/README.md index f13710fa..6a7823f0 100644 --- a/crates/cdk-mint-rpc/README.md +++ b/crates/cdk-mint-rpc/README.md @@ -1,93 +1,43 @@ - # Cashu Mint Management RPC -This crate is a grpc client and server to control and manage a cdk mint. This crate exposes a server complnate that can be imported as library compontant, see its usage in `cdk-mintd`. The client can be used as a cli by running `cargo r --bin cdk-mint-cli`. +This crate is a gRPC client and server to control and manage a CDK mint. This crate exposes a server component that can be imported as a library component, see its usage in `cdk-mintd`. The client can be used as a CLI by running `cargo r --bin cdk-mint-cli`. -The server can be run with or without certificate authentication. For running with authentication follow the below steps to create certificates. - - -# gRPC TLS Certificate Generation Guide - -This guide explains how to generate the necessary TLS certificates for securing gRPC communication between client and server. +The server can be run with or without certificate authentication. For running with authentication, see the [Certificate Generation Guide](./CERTIFICATES.md) for instructions on creating the necessary certificates using the included `generate_certs.sh` script. ## Overview -The script generates the following certificates and keys: -- Certificate Authority (CA) certificate and key -- Server certificate and key -- Client certificate and key +The cdk-mint-rpc crate provides: -All certificates are generated in PEM format, which is commonly used in Unix/Linux systems. +1. A gRPC server for managing Cashu mints +2. A CLI client (`cdk-mint-cli`) for interacting with the gRPC server -## Prerequisites +This allows mint operators to manage their Cashu mint instances remotely through a secure gRPC interface. -- OpenSSL installed on your system -- Bash shell environment +## Features -## Generated Files - -The script will create the following files: -- `ca.key` - Certificate Authority private key -- `ca.pem` - Certificate Authority certificate -- `server.key` - Server private key -- `server.pem` - Server certificate -- `client.key` - Client private key -- `client.pem` - Client certificate +- Remote mint management via gRPC +- Secure authentication +- Command-line interface for common mint operations +- Integration with other CDK components ## Usage -1. Save the script as `generate_certs.sh` -2. Make it executable: - ```bash - chmod +x generate_certs.sh - ``` -3. Run the script: - ```bash - ./generate_certs.sh - ``` +### CLI Client -## Certificate Details +The `cdk-mint-cli` provides a command-line interface for interacting with the mint: -### Certificate Authority (CA) -- 4096-bit RSA key -- Valid for 365 days -- Used to sign both server and client certificates - -### Server Certificate -- 4096-bit RSA key -- Valid for 365 days -- Includes Subject Alternative Names (SAN): - - DNS: localhost - - DNS: my-server - - IP: 127.0.0.1 - -### Client Certificate -- 4096-bit RSA key -- Valid for 365 days -- Used for client authentication - - -## Verification - -The script includes verification steps to ensure the certificates are properly generated: ```bash -# Verify server certificate -openssl verify -CAfile ca.pem server.pem - -# Verify client certificate -openssl verify -CAfile ca.pem client.pem +# Using cargo to run the CLI with a specific address +cargo r --bin cdk-mint-cli -- --addr https://127.0.0.1:8086 get-info ``` -## Security Notes +## Related Crates -1. Keep private keys (*.key files) secure and never share them -2. The CA certificate (ca.pem) needs to be distributed to both client and server -3. Server needs: - - server.key - - server.pem - - ca.pem -4. Client needs: - - client.key - - client.pem - - ca.pem +This crate is part of the Cashu Development Kit (CDK) ecosystem: +- [cdk](../cdk/): Core Cashu protocol implementation +- [cdk-mintd](../cdk-mintd/): Cashu Mint Binary + +## License + +MIT License