Metadata-Version: 2.4
Name: ftw-pki-unpacker
Version: 0.0.4
Summary: A secure extraction utility for unpacking encrypted and signed PKI certificate bundles.
Author-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
Maintainer-email: Fitzz TeXnik Welt <FitzzTeXnikWelt@t-online.de>
License-Expression: LGPL-2.1-or-later
Project-URL: Homepage, https://github.com/fitzz-ftw/ftw-pki-unpacker
Project-URL: Documentation, https://github.com/fitzz-ftw/ftw-pki-unpacker/blob/main/README.md
Project-URL: Repository, https://github.com/fitzz-ftw/ftw-pki-unpacker.git
Project-URL: Issues, https://github.com/fitzz-ftw/ftw-pki-unpacker/issues
Project-URL: Changelog, https://github.com/fitzz-ftw/ftw-pki-unpacker/blob/main/CHANGELOG.md
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Build Tools
Classifier: Topic :: Text Processing :: Filters
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: Python :: 3.15
Classifier: Operating System :: OS Independent
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: ftw-pki-libs
Provides-Extra: doc
Requires-Dist: sphinx<9.0.0; extra == "doc"
Requires-Dist: myst-parser; extra == "doc"
Requires-Dist: sphinx-argparse; extra == "doc"
Requires-Dist: autoclasstoc; extra == "doc"
Requires-Dist: sphinx-nefertiti; extra == "doc"
Requires-Dist: sphinx-copybutton; extra == "doc"
Requires-Dist: sphinx-design; extra == "doc"
Requires-Dist: sphinx-mdinclude; extra == "doc"
Requires-Dist: sphinxcontrib-mermaid; extra == "doc"
Provides-Extra: dev
Requires-Dist: ftw-pki-unpacker[doc,lint,test]; extra == "dev"
Requires-Dist: esbonio==0.16.5; extra == "dev"
Provides-Extra: lint
Requires-Dist: ruff; extra == "lint"
Provides-Extra: test
Requires-Dist: pytest; extra == "test"
Requires-Dist: pytest-mock; extra == "test"
Requires-Dist: pytest-cov; extra == "test"
Requires-Dist: ftw-devtools; extra == "test"

# ftw-pki-unpacker

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![License: LGPL v2.1](https://img.shields.io/badge/License-LGPL_v2.1-blue.svg)](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html)
![Coverage: 90%](https://img.shields.io/badge/coverage-94%25-brightgreen.svg)

The secure ingestion, validation, and decryption gateway of the **ftw-pki** suite. This repository provides the `ftwpkiunpacker` utility.

## 🛠 Why do we need an Unpacker?

In high-security PKI environments, signing entities (especially Root and Intermediate CAs) often operate in restricted or offline environments. They should never be directly exposed to raw, unvalidated input from the network.

The **Unpacker** acts as a "buffer, filter, and delivery endpoint":

1. **Ingestion & Sanitization:** It collects Certificate Signing Requests (CSRs) and pre-validates them against defined security policies before they ever reach the signing tools.
2. **Security Boundary:** It ensures that only well-formed and authorized requests are passed forward, protecting the sensitive signing infrastructure from malformed data or injection attacks.
3. **Secure Decryption:** Signed certificates are returned encrypted with the sender's public key. The Receiver uses the corresponding private key to decrypt the payload, making the certificate available to the end-user.

## ✨ Features

* **Automated Configuration:** On its first run, the tool automatically initializes the necessary configuration files in the user's config directory (e.g., `~/.config/ftwpki/`).
* **Integrity Checks:** Verifies the cryptographic signatures of incoming CSRs to ensure they haven't been tampered with during transit.
* **Minimalist CLI:** Designed to be as simple as possible to minimize the attack surface, requiring only essential positional arguments.


## 📖 Documentation

* **Technical Manual:** Detailed information on validation rules and security handshakes is available in the `doc/source/` directory.
* **User Config:** If you need to adjust policies, refer to the config file automatically created in your user profile.

## 📄 License

This project is licensed under the **LGPL v2.1 (or later)**.

---
© 2026 ftw-pki Contributors
