add: process to report compromised certificates

[gigi.git] / src / club / wpia / gigi / pages / main / KeyCompromiseForm.templ

diff --git a/src/club/wpia/gigi/pages/main/KeyCompromiseForm.templ b/src/club/wpia/gigi/pages/main/KeyCompromiseForm.templ
new file mode 100644 (file)
index 0000000..2c083bd
--- /dev/null
+++ b/src/club/wpia/gigi/pages/main/KeyCompromiseForm.templ
@@ -0,0 +1,45 @@
+<p>
+<?=_This form allows you to report a certificate whose private key has been compromised.?>
+<?=_You require to identify the certificate you need to report.?>
+<?=_You may upload the certificate (as PEM or DER) or may identify the certificate by serial.?>
+</p>
+
+<p>
+<?=_Additionally you need to prove that you have access to the private key.?>
+<?=_There are also two possibilities available here:?>
+<?=_Either you may upload the plain private key (as PEM or DER) or you may only sign a given message with the according private key.?>
+<?=_You may create a fitting signature with this command:?>
+</p>
+<p>
+<code>
+echo -n "This private key has been compromised. Challenge: <span id="signChallenge"><?=$challenge?></span>" | openssl dgst -sha256 -sign priv.key | base64
+</code>
+</p>
+
+<table class="table">
+  <tbody>
+  <tr>
+    <td><?=_Certificate?>: </td>
+    <td>
+      <textarea class="form-control" name="cert" rows="3" cols="40" placeholder="Certificate"></textarea>
+    </td>
+    <td>or</td>
+    <td>
+      <input type="text" class="form-control" name="serial" placeholder="Certificate Serial Number (hexadecimal)">
+    </td>
+  </tr>
+  <tr>
+    <td><?=_Private Key?>: </td>
+    <td>
+      <textarea class="form-control" name="priv" rows="3" cols="40" placeholder="Private Key"></textarea>
+    </td>
+    <td>or</td>
+    <td>
+      <input type="text" class="form-control" name="signature" placeholder="Signature">
+    </td>
+  </tr>
+  <tr>
+    <td colspan="4"><input class="btn btn-primary" type="submit" name="process" value="<?=_Next?>"></td>
+  </tr>
+  </tbody>
+</table>