TLS-Crypt-V2 Group / Server Keys - Require serial numbers #285

Open
TinCanTech opened this issue Mar 6, 2022 · 1 comment

@TinCanTech
Owner

TLS-CV2 Group Server keys do have uses:

  • Can be created without an X509 Server certificate.
  • Can be inlined with any X509 Server certificate.

Much more flexible..

@TinCanTech TinCanTech added the enhancement New feature or request label Mar 6, 2022
@TinCanTech TinCanTech added this to the Version 2.8.0 (The forth) milestone Mar 6, 2022
@TinCanTech TinCanTech self-assigned this Mar 6, 2022
@TinCanTech TinCanTech changed the title TLS-Crypt-V2 Group keys TLS-Crypt-V2 Group Server Keys Mar 6, 2022
TinCanTech referenced this issue Mar 6, 2022
@TinCanTech
Owner Author

All TLS-Crypt-V2 Server Keys should have serial numbers.

Going to be a fairly intrusive change ..

@TinCanTech TinCanTech added the Feature request Additional new feature label Mar 8, 2022
@TinCanTech TinCanTech changed the title TLS-Crypt-V2 Group Server Keys TLS-Crypt-V2 Group / Server Keys - Require serial numbers Mar 9, 2022
TinCanTech referenced this issue Mar 9, 2022
Rename to tlskey_cv2_client_serial_number()

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech referenced this issue Mar 9, 2022
This serialisation is only used internally by 'easytls' script,
to keep track of TLS-Crypt-V2 Server keys within indexes.

The serial-number is a minor modification of the HASH_ALGO of the key file.
SHA256 or SHA1 hash, drop the last four digits and insert an identifier at
the beginning of the string.

EG:

Standard server:
* SRV:520e023e3278fb7e41d5a8558f8796e09c96e6b68001b22cf753b359ab0e

Group server:
* G_S:98cef97e2fd0639efd291f82583e636fbc9150ceb4e56fa43477c1b6ceb0

SHA1:
* SRV:e36a610abb9560a50f46215bdc5f6a5cf280

Signed-off-by: Richard T Bonhomme <[email protected]>
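
The serialisation described in the commit message above, as an added example that is not part of the issue or of the easytls script. The function names are hypothetical, hashing the raw key-file bytes is an assumption, and the verification step goes beyond the commit message by re-deriving the serial to detect a changed key file.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from easytls.

# Hex digest of a file. Assumption: the hash covers the raw bytes of the key file.
example_file_digest() {	# $1 = file, $2 = SHA256 | SHA1
	case "$2" in
		SHA256) set -- "$1" sha256sum ;;
		SHA1)   set -- "$1" sha1sum ;;
		*)      return 1 ;;
	esac
	[ -r "$1" ] || return 1
	out=$("$2" < "$1") || return 1	# stdin avoids filename escaping in output
	printf '%s\n' "${out%% *}"
}

# Serial = identifier + ":" + digest with its last four hex digits dropped.
example_key_serial() {	# $1 = key file, $2 = SRV | G_S, $3 = SHA256 (default) | SHA1
	case "$2" in SRV|G_S) : ;; *) return 1 ;; esac
	digest=$(example_file_digest "$1" "${3:-SHA256}") || return 1
	printf '%s:%s\n' "$2" "${digest%????}"
}

# Re-derive the serial from the key file and compare it with an indexed value.
# The algorithm is inferred from the length: 60 hex digits (SHA256) or 36 (SHA1).
example_serial_verify() {	# $1 = serial from the index, $2 = key file
	id=${1%%:*}
	body=${1#*:}
	case "$body" in ''|*[!0-9a-f]*) return 1 ;; esac
	case "${#body}" in
		60) algo=SHA256 ;;
		36) algo=SHA1 ;;
		*)  return 1 ;;
	esac
	expect=$(example_key_serial "$2" "$id" "$algo") || return 1
	[ "$expect" = "$1" ]
}

# Demo on a constructed stand-in file (not a real TLS-Crypt-V2 key).
example_demo() {
	key=$(mktemp) || return 1
	printf 'abc' > "$key"
	example_key_serial "$key" SRV
	example_key_serial "$key" G_S SHA1
	serial=$(example_key_serial "$key" SRV)
	printf 'tampered' >> "$key"
	example_serial_verify "$serial" "$key" || echo "index mismatch: key file changed"
	rm -f "$key"
}
example_demo
```

The identifier is only a label in front of the truncated digest, so the comparison detects a modified key file but does not by itself tell a standard server key from a group server key.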
TinCanTech referenced this issue Mar 9, 2022
If the test failed before then the hash would be validated.

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech added Solution applied This issue has been solved Testing welcome labels Mar 9, 2022