HOWTO.txt

https://github.com/WICG/webpackage/tree/master/go/signedexchange

echo "<h1>hi</h1>" > payload.html
openssl ecparam -out priv.key -name prime256v1 -genkey
openssl req -new -sha256 -key priv.key -out cert.csr -subj '/CN=signed.jimpick.com/O=Test/C=CA'
openssl x509 -req -days 360 -in cert.csr -signkey priv.key -out cert.pem -extfile <(echo -e "1.3.6.1.4.1.11129.2.1.22 = ASN1:NULL\nsubjectAltName=DNS:signed.jimpick.com")

gen-certurl -pem cert.pem -ocsp <(echo ocsp) > cert.cbor

gen-signedexchange \
  -uri https://signed.jimpick.com/hello.html \
  -content ./payload.html \
  -certificate cert.pem \
  -privateKey priv.key \
  -certUrl https://signed-cdn.jimpick.com/cert.cbor \
  -validityUrl https://signed.jimpick.com/resource.validity.msg \
  -o signed.jimpick.com.hello.sxg

$ curl -k -i https://signed-cdn.jimpick.com/cert.cbor
HTTP/1.1 200 OK
Server: nginx/1.15.3
Date: Tue, 09 Oct 2018 03:24:35 GMT
Content-Type: application/cert-chain+cbor
Content-Length: 442
Last-Modified: Tue, 09 Oct 2018 02:56:46 GMT
Connection: keep-alive
ETag: "5bbc18ee-1ba"
Accept-Ranges: bytes

...

$ curl -k -i https://signed-cdn.jimpick.com/signed.jimpick.com.hello.sxg
HTTP/1.1 200 OK
Server: nginx/1.15.3
Date: Tue, 09 Oct 2018 03:28:13 GMT
Content-Type: application/signed-exchange;v=b2
Content-Length: 592
Last-Modified: Tue, 09 Oct 2018 03:27:16 GMT
Connection: keep-alive
ETag: "5bbc2014-250"
Accept-Ranges: bytes

sxg1-b2%https://signed.jimpick.com/hello.htmle�label; sig=*MEUCIQDhAoHyguikRP7bjZVHQPh7DCz/s153ZIu8Fs3YdLJXVQIgAI5M0anxuznMfeTlOUECPZfILSMEm2Fg3amGlDcTYuM=*; validity-url="https://signed.jimpick.com/resource.validity.msg"; integrity="digest/mi-sha256-03"; cert-url="https://signed-cdn.jimpick.com/cert.cbor"; cert-sha256=*0QHbhog1M7WRBut+IBpnd26WUHMsmuh4Nfi15oLrYZw=*; date=1539055594; expires=1539059194��G:methodCGET�FdigestX9mi-sha256-03=/L4DUH8Y3qt1mIflZzqUKlgqWnQiI/ufyubi89FGU1U=G:statusC200Lcontent-typeXtext/html; charset=utf-8Pcontent-encodingLmi-sha256-03<h1>hi</h1>