Files

martin61 e66b97b460 TLS certificate: rsa4096 --> ECDSAWithSHA512 384bit secp384r1

elliptic curves in ECDHE handshake: only CurveP384 + CurveP521, default CurveP256 removed
RebuildInterval: 24h --> 72h
certificate valid: 2y --> 5y
throttled.PerDay(4) --> PerHour(4), to enable limited testing

2016-01-29 19:36:41 +01:00

1.2 KiB

Raw Blame History

I2P Reseed Tools

This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files.

Installation

If you have go installed you can download, build, and install this tool with go get

$ export GOPATH=$HOME/go
$ cd $GOPATH
$ go get github.com/martin61/i2p-tools
$ bin/i2p-tools -h

Usage

Locally behind a webserver (reverse proxy setup), preferred:

$ GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed --signer=you@mail.i2p --key=you_at_mail.i2p.pem --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy

Without webserver, standalone with tls support

$ GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed --signer=you@mail.i2p --key=you_at_mail.i2p.pem --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld

If this is your first time running a reseed server (ie. you don't have any existing keys), you can simply run the command and follow the prompts to create the appropriate keys and certificates. Afterwards an HTTPS reseed server will start on the default port and generate 4 files in your current directory (a TLS key and certificate, and a signing key and certificate).