Updated KT urls

google · Feb 8, 2020 · 6c99f58 · 6c99f58
1 parent 636f458
commit 6c99f58
Showing 1 changed file with 12 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -93,8 +93,8 @@ $ grpcurl -d '{"directory_id": "default"}' sandbox.keytransparency.dev:443 googl
 Key Transparency supports key signing keys for the purpose of making the provenance of public keys explicit.
 
 This feature can be deployed in a variety of configurations:
-1. Only the service provider signs updates.
-   This mode most clearly models most applications today that support account-reset.
+1. Only the service provider signs updates.  
+   This mode most clearly models most applications today that support account-reset. 
    The service provider authenticates the user using SMS, OAuth, Email, or some other mechanism and then updates the key directory.
 2. The service provider and, optionially, the user sign updates.
    This mode allows relyinig parties to distinguish between account reset
@@ -106,8 +106,8 @@ This feature can be deployed in a variety of configurations:
    This mode requires the user maintain access to their key signing keys in
    perpetuity or risk loosing access to their account.
 
-If supported by the service provider, each user can select the mode most
-appropriate for their own account by modifying the set of key signing keys in `authorized_keys`.
+It is up to the service provider t
+
 
 The sandbox server has been setup in mode 4.
   ```sh
@@ -118,26 +118,18 @@ The sandbox server has been setup in mode 4.
 The `create-keyset` command will create a `.keyset` file in the user's working directory.
 To specify custom directory use `--keyset-file` or `-k` shortcut.
 
-#### Publish the public key
-Any number of protocols may be used to prove to the server that a client owns a userID.
-The sandbox server supports a fake authentication string and [OAuth](https://console.developers.google.com/apis/credentials).
+NB A default for the Key Transparency server URL is being used here. The default value is "35.202.56.9:443". The flag `--kt-url` may be used to specify the URL of Key Transparency server explicitly.
 
-Create or fetch the public key for your specific application.
-  ```sh
-   openssl genpkey -algorithm X25519 -out xkey.pem
-   openssl pkey -in xkey.pem -pubout 
-   -----BEGIN PUBLIC KEY-----
-   MCowBQYDK2VuAyEAtCAsIMDyVUUooA5yhgRefcEr7edVOmyNCUaN1LCYl3s=
-   -----END PUBLIC KEY-----
-  ```
+
+#### Publish the public key
+1. Get an [OAuth client ID](https://console.developers.google.com/apis/credentials) and download the generated JSON file to `client_secret.json`.
 
   ```sh
   keytransparency-client post [email protected] \
-  --kt-url sandbox.keytransparency.dev:443 \
-  --fake-auth-userid [email protected] \
+  --client-secret=client_secret.json \
+  --kt-url sandbox.keytransparency.dev \
   --password=${PASSWORD} \
-  --verbose \
-  --data='MCowBQYDK2VuAyEAtCAsIMDyVUUooA5yhgRefcEr7edVOmyNCUaN1LCYl3s=' #Your public key in base64
+  --data='dGVzdA==' #Base64
   ```
 
 #### Get and verify a public key
@@ -158,7 +150,7 @@ Create or fetch the public key for your specific application.
 
 #### Verify key history
   ```
-  keytransparency-client history <email> --insecure
+  keytransparency-client history <email> --kt-url sandbox.keytransparency.dev:443
   Revision |Timestamp                    |Profile
   4        |Mon Sep 12 22:23:54 UTC 2016 |keys:<key:"app1" value:"test" >
   ```