FlexHub Forum

How to find KEYP

How to find KEYP
« on: December 29, 2011, 19:13:49 »
How to find KEYP from a ADCS hub as a user and owner ?

Offline FlipFlop™

  • FlexHub Developer
  • *****
  • 505
Re: How to find KEYP
« Reply #1 on: December 29, 2011, 23:45:26 »
I'll add a hubcommand to generate the KEYP from the certificate.

There might be a client out there already capable of showing the KEYP of a hub's certificate though, since the clients already generate the KEYP from the certificate to compare it with the given KEYP.
Check the new FlexHubList!           Add awesome statistics like this for your hub!

This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Re: How to find KEYP
« Reply #2 on: December 30, 2011, 12:27:21 »
Is there a command in flexhub ?

Offline FlipFlop™

  • FlexHub Developer
  • *****
  • 505
Re: How to find KEYP
« Reply #3 on: December 30, 2011, 13:31:48 »
Hmm, i've looked into it and there's no easy way to generate a SHA-256 hash within FlexHub.
But you can easily use sha256sum:

sha256sum [OPTION]... [FILE]...    

The file you need to generate the SHA-256 from is the 'cert.pem' in your 'certificates' folder.

As a sidenote: personally I think the KEYP as KP in the hubaddress is a bit over the top regarding security, it does prevent a possible MITM attack, but that technique being used to takeover a connection to a hub is highly unlikely I think, not much interesting things can be done with that. If i'm misinformed or missing a more important security issue please respond below.

The drawback of using KEYP is if you ever lose the certificate, or if you point your dns to another hub temporary, the users won't be able to connect since the KEYP won't match then. You could lose a lot of users that way.


« Last Edit: December 30, 2011, 17:05:33 by FlipFlop™ »
Check the new FlexHubList!           Add awesome statistics like this for your hub!

This post is a natural product. The slight variations in spelling and grammar enhance its individual character and beauty and in no way are to be considered flaws or defects.

Re: How to find KEYP
« Reply #4 on: December 30, 2011, 17:26:33 »
I have try use sha256sum in linux but dont work, so use ncdc (client) to get it.

Offline Lee

Re: How to find KEYP
« Reply #5 on: January 09, 2012, 22:18:17 »
Flip: If you needed to temporarily transfer the hub over to a separate DNS, you would setup the host with the same certificate. Yes, KEYP is not for everyone out there but it does add an extra layer of security of hub owners and users.