Sign/verify data with ed25519 keys of a tinc 1.1 host
Anton Voyl
awiouy at gmail.com
Wed Jan 27 07:02:53 CET 2016
Wow! Thank you! I will try that out as soon as possible. Likely Saturday. @
> Le 27 janv. 2016 à 00:20, Guus Sliepen <guus at tinc-vpn.org> a écrit :
>
> On Tue, Jan 26, 2016 at 08:52:29PM +0100, Guus Sliepen wrote:
>
>>> My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify.
>>>
>>> Does this make sense ?
>>
>> Yes, that does make a lot of sense. I'll see if I can add a safe way to
>> sign/verify arbitrary data with the tinc command.
>
> I totally should've spent my time on other things on the TODO list for
> tinc 1.1, but I've just added this functionality (it's in the git
> repository). You can now do:
>
> Server: tinc export-all | tinc sign > all.signed
>
> Client: tinc verify server all.signed | tinc import
>
> You have to specify a node name when verifying data ("server" in the
> example above), only a signature made by that node will be accepted, or
> you have to specify "*" to allow signatures by any known node. Also, "."
> is shorthand for the local node. Let me know if this is what you wanted.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
More information about the tinc
mailing list