Opened 5 years ago

Closed 18 months ago

#1540 closed enhancement (fixed)

Add Param for Easy Encrypted Leasesets

Reported by: lazygravy Owned by:
Priority: minor Milestone: 0.9.40
Component: apps/i2ptunnel Version: 0.9.19
Keywords: Cc:
Parent Tickets: Sensitive: no


Add a parameter similar to ?i2paddresshelper= that would help to add a secret key for encrypted lease sets. Maybe ?i2paddresshelperkey=?

This would aid in sharing secret services among groups of friends.


Change History (2)

comment:1 Changed 5 years ago by zzz

<lazygravy> Hi, so I am trying to add the leaseset key as a param passed to i2ptunnel as I mentioned the other day. I am getting this error after compiling (I did change code), "i2p.i2p/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ error: package net.i2p.router does not exist". Any thoughts?
<zzz> lazygravy, i2ptunnel cannot depend on net.i2p.router classes
<lazygravy> zzz: What would be a better way to acheive what I am trying to do then?
<zzz> why do you need something from router?
<lazygravy> I might just be mis-understanding how things are organized. My end goal is to add a encrypted leaseset key in a similar way to how i2paddresshelper works.
<zzz> yeah it's kinda a problem because you can't save the router's config from I2PAppContext
<zzz> but the whole encrypted LS thing is a mess, I'd rather come up with a more secure way to do it
<str4d> I do like how Tor is planning their HS 2.0 system
<str4d> ie. you can't get the info for a Destination unless you already know it.
<str4d> It's kinda like LS encryption, although still not a whitelist
<zzz> agreed that it would be nice to put the decryption keys in the address book though
<zzz> maybe

Logically, you'd want to store the keys in the addressbook properties (skiplist), not in the router config. And you could do this enhancement in i2ptunnel without using router classes.

But the router can't go do an addressbook lookup (and it would be two, a reverse lookup and then a forward one to get the property) every time it access a leaseset, to see if it has a key. That's why it's in the router keyring now.

The bigger picture is that the current encrypted leaseset design is poorly thought out and insecure. I can say that because I did it. Before we make it easier we should make it better, if at all possible.

comment:2 Changed 18 months ago by zzz

Milestone: undecided0.9.40
Resolution: fixed
Status: newclosed

will be addressed as a part of proposal 123 and "b33"

Note: See TracTickets for help on using tickets.