Enterprise-grade TUI for DoD CAC/PIV management, certificate validation, and STIG compliance on Linux.
Sentinel provides a unified interface for managing Smart Cards (CAC/PIV) in secure environments, replacing complex CLI workflows with automated diagnostic and configuration logic.
- System Compliance: Real-time monitoring of pcscd with auto-remediation via pkexec. Verifies OpenSC middleware and provides clean hardware scanning for card readers.
- Identity Management: Robust extraction of User Principal Name (UPN) and Common Name (CN). Supports non-destructive PIN retry inspection, PIN updates, and PUK-based unblocking.
- AIA Chasing: Automatically resolves validation errors by fetching missing intermediate certificates via AIA URLs, dynamically building a working chain for newer DoD certificates.
- Enterprise Auth: Automates PIV Authentication public key export for SSH and provides automated agent setup instructions.
- Digital Signatures: Integrated PDF signing via pyhanko and PKCS11. Includes automated detection and warnings for unsupported Adobe XFA forms.
- Browser Sync: One-click configuration for Chrome/Chromium NSS databases and Firefox profiles, including support for Flatpak installations.
| Context | Shortcut | Action |
|---|---|---|
| Global | Ctrl + Q |
Quit Application |
| Global | Tab |
Switch Tabs |
| Forms | Enter |
Submit / Execute Action |
| Navigation | Mouse Drag |
Select Fields and Buttons |
Sentinel is built on a modern asynchronous stack to ensure the TUI remains responsive during hardware I/O and certificate discovery.
- Frontend: Textual (Python) for a reactive, asynchronous Terminal User Interface.
- Backend: AsyncIO for non-blocking hardware interaction and subprocess management.
- Validation: OpenSSL integration for AIA chasing and certificate chain verification.
- Signatures: pyHanko and python-pkcs11 for hardware-token digital signatures.
© CodeFXR. All rights reserved.