Trillian CT Personality

This directory holds code and scripts for running a Certificate Transparency (CT) Log based on the Trillian general transparency Log.

• Codebase Structure
• Deployment
• Operation

Codebase Structure

The main code for the CT personality is held in trillian/ctfe; this code responds to HTTP requests on the CT API paths and translates them to the equivalent gRPC API requests to the Trillian Log.

This obviously relies on the gRPC API definitions at github.com/google/trillian; the code also uses common libraries from the Trillian project for various things including:

• exposing monitoring and statistics via an interface and corresponding Prometheus implementation (github.com/google/trillian/monitoring/...)
• dealing with cryptographic keys (github.com/google/trillian/crypto/...).

The trillian/integration/ directory holds scripts and tests for running the whole system locally. In particular:

• trillian/integration/ct_integration_test.sh brings up local processes running a Trillian Log server, signer and a CT personality, and exercises the complete set of RFC 6962 API entrypoints.
• trillian/integration/ct_hammer_test.sh brings up a complete system and runs a continuous randomized test of the CT entrypoints.

These scripts require a local database instance to be configured as described in the Trillian instructions.

Deployment

Deploying a Trillian-based CT Log involves more than just the code contained in this directory.

The Manual Deployment document describes the components and process involved in manually setting up a CT Log instance on individual machines.

The Containerized Deployment document describes the sample container scripts which make CT Log deployment easier and more automatic. However, if you're planning to operate a trusted CT Log (rather than simply experimenting/playing with the code) then you should expect to understand all of the information in the manual version – even if you use the containerized variant for deployment convenience.

Operation

Once all of the components for a Trillian-based CT Log have been deployed, log operators need to monitor and maintain the Log. The Operation document describes key considerations and gotchas for this ongoing process.