certificate-transparency/ctool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add +all argument

Browse Source
This commit is contained in:
Pim van Pelt
2026-04-05 23:20:13 +02:00
parent 12cef73a74
commit cba89df53b
3 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -20,7 +20,7 @@ not index modules on `git.ipng.ch`.
Fetch a specific entry (or all entries in its tile) by leaf index:
```bash
ctfetch [flags] <log-url> <leaf-index> [+sct] [+issuer] [+ctlog]
ctfetch [flags] <log-url> <leaf-index> [+sct] [+issuer] [+ctlog] [+all]
```
**Examples:**
@@ -32,7 +32,7 @@ ctfetch https://halloumi2026h1.mon.ct.ipng.ch 629794635
Dump with SCTs, issuer chain, and CT log details:
```bash
ctfetch https://halloumi2026h1.mon.ct.ipng.ch 629794635 +sct +issuer +ctlog
ctfetch https://halloumi2026h1.mon.ct.ipng.ch 629794635 +all
```
### Tile-dump mode
@@ -40,7 +40,7 @@ ctfetch https://halloumi2026h1.mon.ct.ipng.ch 629794635 +sct +issuer +ctlog
Fetch all entries from a tile URL or a local file. Automatically detects data tiles (log entries) and hash tiles (Merkle tree hashes).
```bash
ctfetch [flags] <tile-url-or-file> [+sct] [+issuer] [+ctlog]
ctfetch [flags] <tile-url-or-file> [+sct] [+issuer] [+ctlog] [+all]
```
**Examples:**
@@ -69,9 +69,9 @@ ctfetch --monitoring-url https://halloumi2026h1.mon.ct.ipng.ch tile.bin +issuer
A Static CT log stores two kinds of tiles:
**Data tiles** (`/tile/data/...`) contain the actual log entries — DER-encoded certificates and precertificates along with their metadata (leaf index, timestamp, chain fingerprints, etc.). These are what `ctfetch` parses into structured JSON. The output modifiers `+sct`, `+issuer`, and `+ctlog` all operate on data tiles.
**Data tiles** (`/tile/data/...`) contain the actual log entries — DER-encoded certificates and precertificates along with their metadata (leaf index, timestamp, chain fingerprints, etc.). These are what `ctfetch` parses into structured JSON. The output modifiers `+sct`, `+issuer`, `+ctlog`, and `+all` all operate on data tiles.
**Hash tiles** (`/tile/N/...`, where N is a tree level ≥ 0) contain the internal nodes of the Merkle tree — rows of raw 32-byte SHA-256 hashes used for inclusion and consistency proofs. There are no certificates in a hash tile; `ctfetch` outputs only the list of hashes. Using `+sct`, `+issuer`, or `+ctlog` with a hash tile is an error.
**Hash tiles** (`/tile/N/...`, where N is a tree level ≥ 0) contain the internal nodes of the Merkle tree — rows of raw 32-byte SHA-256 hashes used for inclusion and consistency proofs. There are no certificates in a hash tile; `ctfetch` outputs only the list of hashes. Using `+sct`, `+issuer`, `+ctlog`, or `+all` with a hash tile is an error.
The tree is organised so that level 0 hashes cover individual leaves (each is `SHA-256(0x00 || MerkleTreeLeaf)`), and each higher level hashes pairs of nodes from the level below. The tile URL encodes the level: `/tile/0/...` is level 0, `/tile/1/...` is level 1, and so on.
@@ -82,6 +82,7 @@ The tree is organised so that level 0 hashes cover individual leaves (each is `S
| `+sct` | Parse and include embedded Signed Certificate Timestamps from final (non-precert) certificates |
| `+issuer` | Fetch and include issuer certificate details from the log's `/issuer/<fp>` endpoint |
| `+ctlog` | Look up each SCT's log ID in the CT log list and include operator/state details |
| `+all` | Enable all of `+sct`, `+issuer`, and `+ctlog` at once |
## Flags