Sign/verify data with ed25519 keys of a tinc 1.1 host

Guus Sliepen guus at tinc-vpn.org
Wed Jan 27 00:20:29 CET 2016


On Tue, Jan 26, 2016 at 08:52:29PM +0100, Guus Sliepen wrote:

> > My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify.
> > 
> > Does this make sense ?
> 
> Yes, that does make a lot of sense. I'll see if I can add a safe way to
> sign/verify arbitrary data with the tinc command.

I totally should've spent my time on other things on the TODO list for
tinc 1.1, but I've just added this functionality (it's in the git
repository). You can now do:

Server: tinc export-all | tinc sign > all.signed

Client: tinc verify server all.signed | tinc import

You have to specify a node name when verifying data ("server" in the
example above); only a signature made by that node will be accepted, or
you have to specify "*" to allow signatures by any known node. Also, "."
is shorthand for the local node. Let me know if this is what you wanted.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
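
An added example, not part of the original message or of tinc itself: a wrapper for the client-side command above that pins the signer and imports only after verification succeeds. It assumes `tinc verify` exits non-zero and writes nothing to stdout when the check fails; the function name `import_signed_hosts` is hypothetical.

```shell
#!/bin/sh
# Added example: verify a signed host export before importing it.
# Assumptions (not from the original message): `tinc verify` exits non-zero
# and writes nothing to stdout when the signature check fails; the function
# name import_signed_hosts is hypothetical.

import_signed_hosts() {
    signer=$1
    signed_file=$2

    # Require a pinned signer. "*" accepts a signature from any known node,
    # so any single node's key would be enough to get host configs imported.
    case $signer in
        ''|'*') echo "refusing: name the expected signing node" >&2; return 2 ;;
    esac
    [ -r "$signed_file" ] || { echo "cannot read $signed_file" >&2; return 2; }

    verified=$(mktemp) || return 2

    # Stage the verified payload in a file so the exit status of `tinc verify`
    # is checked; in a pipeline only the status of `tinc import` is visible.
    if ! tinc verify "$signer" "$signed_file" > "$verified"; then
        echo "signature check failed for signer '$signer'" >&2
        rm -f "$verified"
        return 1
    fi
    if [ ! -s "$verified" ]; then
        echo "verified payload is empty, nothing imported" >&2
        rm -f "$verified"
        return 1
    fi

    tinc import < "$verified"
    status=$?
    rm -f "$verified"
    return $status
}
```

Call it as `import_signed_hosts server all.signed`; a non-zero return means nothing was imported.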