#linode IRC Logs for 2021-01-10

--- Log opened Sun Jan 10 00:00:48 2021
02:54-!-g0t [~username@dh207-97-150.xnet.hr] has joined #linode
02:54-!-g0t is "username" on #linode
03:30-!-g0t [~username@dh207-97-150.xnet.hr] has quit [Ping timeout: 480 seconds]
03:34-!-g0t [~username@dh207-97-150.xnet.hr] has joined #linode
03:34-!-g0t is "username" on #linode
04:12-!-Shentino [~shentino@096-041-218-191.res.spectrum.com] has quit [Ping timeout: 480 seconds]
04:20-!-jojo [~u0_a157@223.91.74.35] has quit [Ping timeout: 480 seconds]
06:45-!-lls [~lls@0002aa2c.user.oftc.net] has quit [Remote host closed the connection]
07:15-!-NomadJim [~Jim@72.168.160.18] has quit [Ping timeout: 480 seconds]
07:25<linbot>New news from community: How do I work my fully qualified domain name and my root domain to a website <https://www.linode.com/community/questions/20910>
09:31-!-jojo [~u0_a157@2408:8420:6b00:a003:1c17:4dba:e29c:c24a] has joined #linode
09:31-!-jojo is "fu xin son" on #linode
10:25-!-Shentino [~shentino@096-041-218-191.res.spectrum.com] has joined #linode
10:25-!-Shentino is "realname" on #kernelnewbies #qemu #mm #linode #tux3
10:32-!-xtrWrithe [~xtrWrithe@00027ade.user.oftc.net] has joined #linode
10:32-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
10:36<Cromulent>Right I need some advice here - I basically need a private and public X.509 key pair for JWT signing and verification
10:37<Cromulent>my thought was that if I created a self signed certificate authority and then generated the key pair from the CA cert I could have the public CA cert verify if the private key was legit
10:37<Cromulent>and then store the CA cert private key in a totally locked down Linode
10:37<Cromulent>am I misunderstanding anything here?
10:59<branko>Well, the terminology you are using looks a bit off to me when talking about X.509.
11:00<Cromulent>in what way?
11:00<Cromulent>I need a pem encoded X.509 key pair - the CA part can be ignored but I was curious about it
11:01<branko>Well, what you care about in the X.509 trust model the most is the certificates - the metadata stored within. E.g. name of issuer etc. Validation of crypto-related stuff (like who signed what, who has possession etc of private key) matters, but that's kinda "in the background".
11:03<branko>So, you'd create your self-signed/root CA (private key + certificate), generate private key for entity, generate certificate signing request with that private key that will contain extra info about the entity, and then issue a certificate based on that CSR. Afterwards you validate the end entity certificate using the CA certificate chain (in your case just the root CA).
11:03<branko>Mind you, CSR can kinda be skipped around, many CAs won't really trust much the info contained within.
11:04<branko>My explanation is also most likely oversimplified too :)
11:04<Cromulent>I see - I'm obviously misunderstanding something here
11:05<branko>Cromulent: To get maybe to one point - "generated teh key pair from the CA" sounds a bit unusual.
11:05<branko>*the
11:06<branko>Cromulent: Well, reading up on some basics might be a good idea - keep in mind one thing, though - in _root_ you trust.
11:07<branko>E.g. you can have a pretty long chain of CA certificates leading to your end entity certificate, but you trust the thing at the top of the chain. That's where you bootstrap the trust.
11:59-!-Shentino [~shentino@096-041-218-191.res.spectrum.com] has quit [Remote host closed the connection]
12:11-!-xtrWrithe [~xtrWrithe@00027ade.user.oftc.net] has quit [Quit: WeeChat 2.4]
12:11-!-xtrWrithe [~xtrWrithe@00027ade.user.oftc.net] has joined #linode
12:11-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
12:12-!-xtrWrithe [~xtrWrithe@00027ade.user.oftc.net] has quit []
12:12-!-xtrWrithe [~xtrWrithe@00027ade.user.oftc.net] has joined #linode
12:12-!-xtrWrithe is "xtrWrithe" on #tor-south #linode #qemu
12:16<linbot>New news from community: Theoretical Server Usage <https://www.linode.com/community/questions/20911>
12:18<Peng>v_v
12:29-!-Parshant_test [~oftc-webi@106.215.108.183] has joined #linode
12:29-!-Parshant_test is "OFTC WebIRC Client" on #linode
12:29-!-Parshant_test [~oftc-webi@106.215.108.183] has quit []
13:03-!-duckydanny [~duckydann@li1301-74.members.linode.com] has quit [Quit: ZNC - http://znc.in]
13:05-!-duckydanny [~duckydann@li1301-74.members.linode.com] has joined #linode
13:05-!-duckydanny is "Dan" on #tor-project #moocows #linode #debian
14:37-!-jojo [~u0_a157@2408:8420:6b00:a003:1c17:4dba:e29c:c24a] has quit [Ping timeout: 480 seconds]
14:41<LouWestin>Cromulent: usually when I've done a self signed cert the web browsers (if you're accessing something via browser) throw a huge warning.
14:42<Cromulent>this isn't for a website - this is for signing and verifying JWT
14:42<LouWestin>Ok
14:43<Cromulent>but yeah you are right
14:43<LouWestin>Might be fine.
14:43<LouWestin>Only one way to find out!
14:44<LouWestin>LE would be nice if it didn't last for only 90 days
14:45<LouWestin>Sometimes it's a pain to auto renew without certbot and in your case you might not be able to do that anyway. Not too sure.
15:49-!-Shentino [~shentino@096-041-218-191.res.spectrum.com] has joined #linode
15:49-!-Shentino is "realname" on #kernelnewbies #qemu #mm #linode #tux3
16:29<grawity>Cromulent: in this case, yes, you start by generating a self-signed certificate, but then you can just use it directly for jwt, no need for step 2
17:38-!-lls [~lls@0002aa2c.user.oftc.net] has joined #linode
17:38-!-lls is "lls" on #linode
18:20-!-aheczko [~oftc-webi@apn-46-215-229-190.dynamic.gprs.plus.pl] has joined #linode
18:20-!-aheczko is "OFTC WebIRC Client" on #linode
18:21-!-aheczko [~oftc-webi@apn-46-215-229-190.dynamic.gprs.plus.pl] has quit []
18:49-!-jess [~jess@00029d95.user.oftc.net] has quit [Quit: Leaving]
18:55-!-g0t [~username@dh207-97-150.xnet.hr] has quit [Ping timeout: 480 seconds]
19:17-!-retro|blah [retrograde@000196da.user.oftc.net] has quit [Quit: Leaving]
19:17-!-retro|blah [retrograde@000196da.user.oftc.net] has joined #linode
19:17-!-retro|blah is "retrograde inversion" on #linode
19:40-!-u0_a310 [~u0_a310@139.193.218.194] has joined #linode
19:40-!-u0_a310 is "Unknown" on #linode
19:41-!-u0_a310 is now known as J07
19:41<J07>d
19:41<@pwoods>e
19:41-!-J07 [~u0_a310@139.193.218.194] has quit []
19:46<Ikaros>Was going to drop an 'f' in there, too bad they left.
19:47<@pwoods>Ikaros: please no f bombs.
19:50<Ikaros>Of course not, why I didn't say "f bomb" lol
19:51<Ikaros>You know, d...e...f...etc
20:02<kharlan>You callin’ me a defetc?
20:09<Ikaros>I'll just be over in my corner now...
20:14<kharlan>:p
20:14-!-packetcat [~staticsaf@00019b48.user.oftc.net] has quit [Quit: WeeChat 2.9]
20:16-!-packetcat [~staticsaf@00019b48.user.oftc.net] has joined #linode
20:16-!-packetcat is "staticsafe" on #linode
20:58-!-|GIG-1 [~MYOB@193.36.225.54] has quit [Quit: usairc org ]
20:59-!-|GIG [~MYOB@193.36.225.39] has joined #linode
20:59-!-|GIG is "J" on #linode #moocows
21:01-!-|GIG [~MYOB@193.36.225.39] has quit []
21:06<LouWestin>g
21:12-!-|GIG [~MYOB@193.36.225.39] has joined #linode
21:12-!-|GIG is "J" on #linode #moocows
21:13-!-|GIG [~MYOB@193.36.225.39] has quit [Remote host closed the connection]
21:15-!-|GIG [~MYOB@193.36.225.197] has joined #linode
21:15-!-|GIG is "J" on #linode #moocows
21:15-!-|GIG-1 [~MYOB@193.36.225.197] has joined #linode
21:15-!-|GIG-1 is "J" on #linode #moocows
21:19-!-jojo [~u0_a157@223.91.74.35] has joined #linode
21:19-!-jojo is "fu xin son" on #linode
21:23-!-|GIG [~MYOB@193.36.225.197] has quit [Ping timeout: 480 seconds]
21:33-!-jojo [~u0_a157@223.91.74.35] has quit [Ping timeout: 480 seconds]
21:49-!-jojo [~u0_a157@223.91.74.35] has joined #linode
21:49-!-jojo is "fu xin son" on #linode
22:06-!-jojo_ [~u0_a157@223.91.74.35] has joined #linode
22:06-!-jojo_ is "fu xin son" on #linode
22:08-!-jojo [~u0_a157@223.91.74.35] has quit [Ping timeout: 480 seconds]
22:12-!-jojo_ [~u0_a157@223.91.74.35] has quit [Remote host closed the connection]
22:14-!-jojo_ [~u0_a157@223.91.74.35] has joined #linode
22:14-!-jojo_ is "fu xin son" on #linode
22:32-!-metta_ [~Quassel@2a01:4f8:1c0c:49df::1] has joined #linode
22:32-!-metta_ is "metta" on #linode
23:26<Shentino>Btw is there any recourse if someone hacks into my linode account and nukes my vm?
23:26<Shentino>just asking hypothetically
23:29<chesty>Shentino, restore from backups
23:29<chesty>ideally off site backups.
--- Log closed Mon Jan 11 00:00:49 2021