Fantastic, having it in the CLI would be great. It is for the reason of users
losing the pub key that I ask, writing some docs for an internal network.
Ah interesting, I finally found openssl does not have the 25519 curve in
there (and no plans to do so looks like) but I was not aware there was non
standard priv key format either.

Would it make sense for the

tinc -n <netname> get Ed25519PublicKey

To have some logic to derive the pub key if it's not already in the
hosts file? Just to avoid adding another command to the tinc CLI.

On Wed Jan 14 2015 at 2:00:47 PM Guus Sliepen <guus at tinc-vpn.org> wrote:

> On Wed, Jan 14, 2015 at 12:28:00PM +0000, Martin wrote:
>
> > Is there any way to obtain the public key from the private key?
> > I know it's in host file however for the purpose of this message I need to
> > be able to generate it on the command line.
> > I tried
> >
> > openssl ec < ed25519_key.priv
> >
> > I get an error
> >
> > read EC key
> > unable to load Key
> > 140092556813984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
>
> Ed25519 keys are not supported by OpenSSL, and are generated completely
> by tinc itself. The format of ed25519_key.priv is also not a standard
> format. The public key can be extracted from it though, I'll add an
> option to the tinc CLI to do this, just in case someone accidentally
> deletes the public key. However, you can already use the CLI to extract
> your own public key:
>
> tinc -n <netname> get Ed25519PublicKey
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>

On Wed, Jan 14, 2015 at 02:17:31PM +0000, Martin wrote:

> Fantastic, having it in the CLI would be great. It is for the reason of users
> losing the pub key that I ask, writing some docs for an internal network.
> Ah interesting, I finally found openssl does not have the 25519 curve in
> there (and no plans to do so looks like) but I was not aware there was non
> standard priv key format either.
>
> Would it make sense for the
>
> tinc -n <netname> get Ed25519PublicKey
>
> To have some logic to derive the pub key if it's not already in the
> hosts file? Just to avoid adding another command to the tinc CLI.

Adding another command is easy. Actually, I'm thinking of adding a
"fsck" or "check" command that checks whether everything is in order,
like configuration file permissions (executable bit on tinc-up for
example), misspelled variable names in the config files, and possibly
repairs what it can. And of course then also recreate the public keys if
necessary.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

On Wed, 14 Jan 2015, Guus Sliepen wrote:

> On Wed, Jan 14, 2015 at 02:17:31PM +0000, Martin wrote:
>
> > Fantastic, having it in the CLI would be great. It is for the reason of users
> > losing the pub key that I ask, writing some docs for an internal network.
> > Ah interesting, I finally found openssl does not have the 25519 curve in
> > there (and no plans to do so looks like) but I was not aware there was non
> > standard priv key format either.
> >
> > Would it make sense for the
> >
> > tinc -n <netname> get Ed25519PublicKey
> >
> > To have some logic to derive the pub key if it's not already in the
> > hosts file? Just to avoid adding another command to the tinc CLI.
>
> Adding another command is easy. Actually, I'm thinking of adding a
> "fsck" or "check" command that checks whether everything is in order,
> like configuration file permissions (executable bit on tinc-up for
> example), misspelled variable names in the config files, and possibly
> repairs what it can. And of course then also recreate the public keys if
> necessary.

Hallo Guus,

I would like to have special commands to extract the public keys for both
RSA and ed25519 also for ChaosVPN.

As we dynamically recreate all the hosts files we currently have to make
sure that the public keys are in /etc/tinc/chaos/rsa_key.pub and
/etc/tinc/chaos/ed25519_key.pub - which they are when you create the keys
before you have any hosts files. But if you do it later they get put into
hosts/something and get overwritten on the next recreate...

c'ya
sven-haegar

--
Three may keep a secret, if two of them are dead.
- Ben F.
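
Added example, not part of the thread and not tinc's own code: a shell audit of one network directory along the lines of the check Guus describes, which also reports where each public key lives (the two locations Sven mentions). The function names, the finding strings, the private-key permission check and the assumed directory layout are this example's own.

```shell
#!/bin/sh
# Added example, not tinc code. Assumed layout:
#   DIR/tinc.conf ("Name = <node>"), DIR/hosts/<node>, DIR/tinc-up,
#   DIR/<type>_key.priv and optionally DIR/<type>_key.pub (type: ed25519, rsa).

# Node name from tinc.conf; assumes the Name line has no leading whitespace.
node_name() {
    awk -F'[ \t=]+' 'tolower($1) == "name" { print $2; exit }' "$1/tinc.conf" 2>/dev/null
}

# Print where the public key of TYPE lives: standalone|hosts|both|missing.
pubkey_location() {
    dir=$1 type=$2 host="$1/hosts/$(node_name "$1")"
    case $type in
        ed25519) pattern='^[[:space:]]*Ed25519PublicKey[[:space:]=]' ;;
        rsa)     pattern='^-----BEGIN RSA PUBLIC KEY-----' ;;
    esac
    in_file=no in_hosts=no
    [ -s "$dir/${type}_key.pub" ] && in_file=yes
    [ -f "$host" ] && grep -Eiq -- "$pattern" "$host" && in_hosts=yes
    case $in_file$in_hosts in
        yesyes) echo both ;; yesno) echo standalone ;;
        noyes)  echo hosts ;; *) echo missing ;;
    esac
}

# Print one finding per line; no output means nothing to fix.
tinc_audit() {
    dir=$1
    # The thread's own example: the executable bit on tinc-up.
    [ -f "$dir/tinc-up" ] && [ ! -x "$dir/tinc-up" ] && echo "tinc-up: not executable"
    for type in ed25519 rsa; do
        priv="$dir/${type}_key.priv"
        [ -f "$priv" ] || continue
        # Added check: the private key must carry no group/other permission bits.
        [ "$(ls -ld "$priv" | cut -c5-10)" = "------" ] ||
            echo "${type}_key.priv: accessible to group or other"
        case $(pubkey_location "$dir" "$type") in
            missing) echo "$type: public key missing" ;;
            hosts)   echo "$type: public key only in hosts file, lost if hosts/ is regenerated" ;;
        esac
    done
    return 0
}

# Usage: sh audit.sh /etc/tinc/<netname>
if [ $# -gt 0 ]; then tinc_audit "$1"; fi
```

The "only in hosts file" finding matters for setups that regenerate hosts/ as Sven describes; on an ordinary node that is the normal place for the key.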