build and inline tls crypt

Jump to bottom Edit New page

TinCanTech edited this page Aug 2, 2021 · 1 revision

This page describes how to build and inline a TLS-Crypt key

These steps must be done in the order shown.

Build a TLS-Crypt key

Use Easy-TLS inter-active build menu:

./easytls build
Select [2] TLS-Crypt-V1 key - Basic TLS-crypt-v1 pre-shared key

Command line to build a TLS Auth key:
- ./easytls btc

Inline a TLS-Crypt key for a Server

Use Easy-TLS inter-active inline menu:

./easytls inline
Select [3] Inline-file with TLS-Crypt-V1 key for Server
- Enter the name of your server common-name. eg: server
- Press enter: You do have the private key for this X509 certificate.
- ~~Press enter: You can not use a Diffie-Hellman parameters file in No-CA mode.~~
- Type yes: The file you will over-write will be correctly recreated with a TLS-AUTH inline file.
Command line to inline a TLS-Crypt key with a Server certificate:
- ./easytls itc <server-name>

Inline a TLS-Crypt key for a Client

Use Easy-TLS inter-active inline menu:

./easytls inline
Select [4] Inline-file with TLS-Crypt-V1 key for Client
- Enter the name of your client common-name. eg: alice
- Press enter: You do have the private key for this X509 certificate.
- Enter the common-name of your Server (eg: server) to automatically share peer-fingerprints.
- Type yes: The file you will over-write will be correctly recreated with a TLS-Crypt inline file.
Command line to inline a TLS-Crypt key with a Client certificate:
- ./easytls -r=<server-name> itc <client-name>
  The -r|--ss-peer-fingerprint option tells the command the name of the server to share this client fingerprint with.

Needs updating