Sign/verify data with ed25519 keys of a tinc 1.1 host

Anton Voyl awiouy at gmail.com
Wed Jan 27 07:02:53 CET 2016


Wow! Thank you! I will try that out as soon as possible. Likely Saturday. @

> On 27 Jan 2016, at 00:20, Guus Sliepen <guus at tinc-vpn.org> wrote:
> 
> On Tue, Jan 26, 2016 at 08:52:29PM +0100, Guus Sliepen wrote:
> 
>>> My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify.
>>> 
>>> Does this make sense?
>> 
>> Yes, that does make a lot of sense. I'll see if I can add a safe way to
>> sign/verify arbitrary data with the tinc command.
> 
> I totally should've spent my time on other things on the TODO list for
> tinc 1.1, but I've just added this functionality (it's in the git
> repository). You can now do:
> 
> Server: tinc export-all | tinc sign > all.signed
> 
> Client: tinc verify server all.signed | tinc import
> 
> You have to specify a node name when verifying data ("server" in the
> example above), only a signature made by that node will be accepted, or
> you have to specify "*" to allow signatures by any known node. Also, "."
> is shorthand for the local node. Let me know if this is what you wanted.
> 
> -- 
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc

