(And how to check TP keys as an end user)
I. The CA signing key. There is one CA signing key, operated by the hacktivismo trust center. The CA public key is spread throughout the internet. The CA private key is kept strictly confidential.
The officially circulated, public key has the following signature:
openssl sha1 < HV-PUB.pem f26cb13c2430782e48c85aabf2dcd675bf29c3da
II. Signing public keys of trusted nodes. This is done by hacktivismo as owners of the CA key only. Trusted Peers should submit their unsigned public keys for approval/signing to hvca@hacktivismo.com. At the end of the TPKEY file containing the public RSA key, there must be an IP address in dotted decimal, which will be signed together with the key. If approved, they will receive a sigature by HVCA of their key back. The signing is a plain SHA-1 hash based signature of the TP public key and done with:
openssl sha1 -sign HV-ROOT.pem TPKEY-ipaddr > TPKEY-ipaddr.sig
III. Verifying the public key of Trusted Peers - the significant part for end users. This is done automatically during loading of TPKEY's from the host file. (See your configuration file for details). Make sure to have an up-to-date version of the code that contains the current HV Root Signing Key - it is an array in PeerLayer/Discovery.cpp.
If you get warning messages about signature failures, the respective Trusted Peer Keys won't be loaded/used. Please inform someone at hacktivismo.com if you see signature verification failures.
IV. Keyfile names. For Trusted Peer nodes, their own keyfile location is specified in the config file under option "tpkeyfile".
For normal nodes, the Trusted Peer public keys must have filenames that are in format TPKEY-IPADDR, e.g.: TPKEY-127.0.0.1, and a signature file suffixed by '.sig', e.g. TPKEY-127.0.0.1.sig - when valid TPKEY and sig files exist for a host, that host is automatically considered a Trusted Peer.
This document was generated using the LaTeX2HTML translator Version 2002-2 (1.70)
Copyright © 1993, 1994, 1995, 1996,
Nikos Drakos,
Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999,
Ross Moore,
Mathematics Department, Macquarie University, Sydney.
The command line arguments were:
latex2html -no_subdir -split 0 -show_section_numbers /tmp/lyx_tmpdir10755x1TkOh/lyx_tmpbuf4/README.tex
The translation was initiated by mixter on 2003-02-14