From c17faf25e77abbb3289b6fff2fd658d8b753ecea Mon Sep 17 00:00:00 2001 From: hankhill19580 Date: Thu, 16 May 2019 18:22:12 +0000 Subject: [PATCH 1/9] use @media print to make more printer-friendly CSS --- i2p2www/static/styles/duck/widescreen.css | 35 +++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/i2p2www/static/styles/duck/widescreen.css b/i2p2www/static/styles/duck/widescreen.css index 38e31639..ec77f07a 100644 --- a/i2p2www/static/styles/duck/widescreen.css +++ b/i2p2www/static/styles/duck/widescreen.css @@ -10,3 +10,38 @@ div#content .inner .meta { right: 2%; text-align: left; } + +@media print { div#content .aside { + word-wrap: break-word; + display: !important; +}} + +@media print { div#content .inner .fluid { + margin-right: 3%; + display: !important; +}} + +@media print { div#content .inner .meta { + position: unset; + left: unset; + margin: unset; + right: unset; + text-align: unset; + display: block !important; +}} + +@media print { div#content .inner .sidebar { + word-wrap: break-word; + margin-right: 2%; + display: !important; +}} + +@media print { div#content .content-inner { + margin-left: 3%; + padding-right: 4em; + display: !important; +}} + +@media print { #global-footer { + display:none !important; +}} From ab1b1ee134271768980faee6320c060d0f98e602 Mon Sep 17 00:00:00 2001 From: hankhill19580 Date: Mon, 20 May 2019 16:44:25 +0000 Subject: [PATCH 2/9] add bote blog post, remove rule from print css --- i2p2www/static/styles/duck/widescreen.css | 4 ---- 1 file changed, 4 deletions(-) diff --git a/i2p2www/static/styles/duck/widescreen.css b/i2p2www/static/styles/duck/widescreen.css index ec77f07a..eca5764e 100644 --- a/i2p2www/static/styles/duck/widescreen.css +++ b/i2p2www/static/styles/duck/widescreen.css @@ -41,7 +41,3 @@ div#content .inner .meta { padding-right: 4em; display: !important; }} - -@media print { #global-footer { - display:none !important; -}} From 5e510a50df2c7166304021de559c426426dc38b3 Mon Sep 17 00:00:00 2001 
From: hankhill19580 Date: Mon, 20 May 2019 18:16:06 +0000 Subject: [PATCH 3/9] add bote blog post, remove rule from print css --- .../blog/2019/05/20/help-bootstrap-bote.rst | 208 ++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100644 i2p2www/blog/2019/05/20/help-bootstrap-bote.rst diff --git a/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst b/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst new file mode 100644 index 00000000..9a52c44b --- /dev/null +++ b/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst 
@@ -0,0 +1,208 @@ +========================================================================= +{% trans -%}How to volunteer by helping I2P-Bote bootstrap{%- endtrans %} +========================================================================= + +.. meta:: + :author: idk + :date: 2019-05-20 + :excerpt: {% trans %}Help Bootstrap I2P-Bote!{% endtrans %} + +{% trans -%} +An easy way to help people message eachother privately is to run an +I2P-Bote peer which can be used by new bote users to bootstrap their own +I2P-Bote peers. Unfortunately, until now, the process of setting up an +I2P-Bote bootstrap peer has been much more obscure than it should be. +It's actually extremely simple! +{%- endtrans %} + +{% trans -%} +:: + + What is I2P-bote? + I2P-bote is a private messaging system built on i2p, which has additional + features to make it even more difficult to discern information about the + messages that are transmitted. Because of this, it can be used to transmit + private messages securely while tolerating high latency and not relying on + a centralized relay to send messages when the sender goes offline. This is + in contrast to almost every other popular private messaging system, which + either require both parties to be online or rely on a semi-trusted service + which transmits messages on behalf of senders who go offline. + + or, ELI5: It's used similarly to e-mail, but it suffers from none of e-mail's + privacy defects. + +{%- endtrans %} + +**{%- trans %}Step One: Install I2P-Bote{%- endtrans %}** + +{%- trans %} + +I2P-Bote is an i2p plugin, and installing it is very easy. The original +instructions are available at the `bote eepSite, +bote.i2p `__, but if you want to read them on +the clearnet, these instructions come courtesy of bote.i2p: + +{%- endtrans %} + +{%- trans %} + +1. Go to the plugin install form in your routerconsole: + http://127.0.0.1:7657/configclients#plugin +2. Paste in the URL http://bote.i2p/i2pbote.su3 +3. Click Install Plugin. +4. 
Once installed, click SecureMail in the routerconsole sidebar or + homepage, or go to http://127.0.0.1:7657/i2pbote/ + +{%- endtrans %} + +**{%- trans %}Step Two: Get your I2P-Bote node's base64 address{%- endtrans %}** + +{%- trans %} + +This is the part where a person might get stuck, but fear not. While a +little hard to find instructions, this is actually easy and there are +several tools and options available to you, depending on what your +circumstances are. For people who want to help run bootstrap nodes as +volunteers, the best way is to retrieve the required information from +the private key file used by the bote tunnel. + +{%- endtrans %} + +**{%- trans %}Where are the keys? {%- endtrans %}** + +{%- trans %} + +I2P-Bote stores it's destination keys in a text file which, on Debian, +is located at */var/lib/i2p/i2p-config/i2pbote/local_dest.key*. In +non-Debian systems where i2p is installed by the user, the key will be +in *$HOME/.i2p/i2pbote/local_dest.key*, and on Windows, the file will be +in *C:\\ProgramData\\i2p\\i2pbote\\local_dest.key*. + +{%- endtrans %} + +**{%- trans %}Method A: Convert the plain-text key to the base64 destination{%- endtrans %}** + +{%- trans %} + +In order to convert a plain-text key into a base64 destination, one +needs to take the key and separate only the destination part from it. In +order to do this properly, one must take the following steps: + +{%- endtrans %} + +{%- trans %} + +1. First, take the full destination and decode it from i2p's base64 + character set into binary. +2. Second, take bytes 386 and 387 and convert them to a single + Big-Endian integer. +3. Add the number you computed from the two bytes in step two to 387. +4. Take that nummber of bytes from the front of the full destination. +5. Convert back to a base64 representation using i2p's base64 character + set. + +{%- endtrans %} + +{%- trans %} + +A number of applications and scripts exist to perform these steps for +you. 
Here are some of them, but this is far from exhaustive: + +{%- endtrans %} + +{%- trans %} + +- `the i2p.scripts collection of scripts(Mostly java and + bash) `__ +- `my application for converting + keys(Go) `__ + +{%- endtrans %} + +{%- trans %} + +These capabilities are also available in a number of I2P application +development libraries. + +{%- endtrans %} + +**{%- trans %}Shortcut:{%- endtrans %}** + +{%- trans %} + +Since the local destination of your bote node is a DSA destination, then +it's quicker to just truncate the local_dest.key file to the first 516 +bytes. To do that easily, run this command when running I2P-Bote with +I2P on Debian: + +{%- endtrans %} + +{%- trans %} + +:: + + sudo -u i2psvc head -c 516 /var/lib/i2p/i2p-config/i2pbote/local_dest.key + +{%- endtrans %} + +{%- trans %} +Or, if I2P is installed as your user: +{%- endtrans %} + +{%- trans %} + +:: + + head -c 516 ~/.i2p/i2pbote/local_dest.key + +{%- endtrans %} + +**{%- trans %}Methon B: Do a lookup {%- endtrans %}** + +{%- trans %} + +If that seems like a bit too much work, it's possible for you to look up +the base64 destination of your Bote connection by querying it's base32 +address using any of the available means for looking up a base32 +address. The base32 address of your Bote node is available on the +"Connection" page under the bote plugin application, at +`127.0.0.1:7657/i2pbote/network `__ + +{%- endtrans %} + +**{%- trans %}Step Three: Contact Us!{%- endtrans %}** + +{%- trans %} + +.. _update-the-built-in-peerstxt-file-with-your-new-node: + +{%- endtrans %} + +**{%- trans %}Update the built-in-peers.txt file with your new node{%- endtrans %}** + +{%- trans %} + +Now that you've got the correct destination for your I2P-Bote node, the +final step is to add yourself to the default peers list for `I2P-Bote +here `__ +here. 
You can do this by forking the repository, adding yourself to the +list with your name commented out, and your 516-char destination +directly below it, like this: + +{%- endtrans %} + +{%- trans %} + +:: + + # idk + QuabT3H5ljZyd-PXCQjvDzdfCec-2yv8E9i6N71I5WHAtSEZgazQMReYNhPWakqOEj8BbpRvnarpHqbQjoT6yJ5UObKv2hA2M4XrroJmydPV9CLJUCqgCqFfpG-bkSo0gEhB-GRCUaugcAgHxddmxmAsJVRj3UeABLPHLYiakVz3CG2iBMHLJpnC6H3g8TJivtqabPYOxmZGCI-P~R-s4vwN2st1lJyKDl~u7OG6M6Y~gNbIzIYeQyNggvnANL3t6cUqS4v0Vb~t~CCtXgfhuK5SK65Rtkt2Aid3s7mrR2hDxK3SIxmAsHpnQ6MA~z0Nus-VVcNYcbHUBNpOcTeKlncXsuFj8vZL3ssnepmr2DCB25091t9B6r5~681xGEeqeIwuMHDeyoXIP0mhEcy3aEB1jcchLBRLMs6NtFKPlioxz0~Vs13VaNNP~78bTjFje5ya20ahWlO0Md~x5P5lWLIKDgaqwNdIrijtZAcILn1h18tmABYauYZQtYGyLTOXAAAA + +{%- endtrans %} + +{%- trans %} + +and submitting a pull request. That's all there is to it so help keep +i2p alive, decentralized, and reliable. + +{%- endtrans %} From b202ef1b1e12491980a3e609a392d91181e9ff36 Mon Sep 17 00:00:00 2001 From: hankhill19580 Date: Tue, 21 May 2019 18:37:11 +0000 Subject: [PATCH 4/9] fix the syntax error I missed in the blog post --- i2p2www/blog/2019/05/20/help-bootstrap-bote.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst b/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst index 9a52c44b..5be9b436 100644 --- a/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst +++ b/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst 
@@ -96,8 +96,10 @@ order to do this properly, one must take the following steps: character set into binary. 2. Second, take bytes 386 and 387 and convert them to a single Big-Endian integer. -3. Add the number you computed from the two bytes in step two to 387. -4. Take that nummber of bytes from the front of the full destination. +3. Add the number you computed from the two bytes in step two to 387. This is + the length of the base64 destination. +4. Take that nummber of bytes from the front of the full destination to get + the destination as a range of bytes. 5. Convert back to a base64 representation using i2p's base64 character set. @@ -138,7 +140,6 @@ I2P on Debian: {%- endtrans %} {%- trans %} - :: sudo -u i2psvc head -c 516 /var/lib/i2p/i2p-config/i2pbote/local_dest.key @@ -146,11 +147,12 @@ I2P on Debian: {%- endtrans %} {%- trans %} + Or, if I2P is installed as your user: + {%- endtrans %} {%- trans %} - :: head -c 516 ~/.i2p/i2pbote/local_dest.key From 7b072f303d7f800c3d1ef220d6ca88a0d11c2b18 Mon Sep 17 00:00:00 2001 From: zzz Date: Tue, 21 May 2019 19:41:18 +0000 Subject: [PATCH 5/9] 151 fix --- i2p2www/spec/proposals/151-ecdsa-blinding.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/i2p2www/spec/proposals/151-ecdsa-blinding.rst b/i2p2www/spec/proposals/151-ecdsa-blinding.rst index 053c0542..db03620d 100644 --- a/i2p2www/spec/proposals/151-ecdsa-blinding.rst +++ b/i2p2www/spec/proposals/151-ecdsa-blinding.rst @@ -37,7 +37,9 @@ L Elliptic curve's group order. Property of curve. DERIVE_PUBLIC(a) - Convert a private key to public, by multiplying B over an elliptic curve alpha + Convert a private key to public, by multiplying B over an elliptic curve + +alpha A 32-byte random number known to those who know the destination. GENERATE_ALPHA(destination, date, secret) From 1724b12b7f2ba36f224456642732672dc2549cd4 Mon Sep 17 00:00:00 2001 
From: zzz Date: Wed, 22 May 2019 17:17:43 +0000 Subject: [PATCH 6/9] I2CP updates for encls2 per-client auth --- i2p2www/pages/site/docs/protocol/i2cp.html | 20 ++++++++++++-------- i2p2www/spec/i2cp.rst | 9 ++++++--- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/i2p2www/pages/site/docs/protocol/i2cp.html b/i2p2www/pages/site/docs/protocol/i2cp.html index 410988bc..7a30d2a1 100644 --- a/i2p2www/pages/site/docs/protocol/i2cp.html +++ b/i2p2www/pages/site/docs/protocol/i2cp.html @@ -1,7 +1,7 @@ {% extends "global/layout.html" %} {% block title %}I2CP{% endblock %} -{% block lastupdated %}{% trans %}March 2019{% endtrans %}{% endblock %} -{% block accuratefor %}0.9.39{% endblock %} +{% block lastupdated %}{% trans %}May 2019{% endtrans %}{% endblock %} +{% block accuratefor %}0.9.41{% endblock %} {% block content %}

{% trans -%} The I2P Client Protocol (I2CP) exposes a strong separation of concerns between @@ -176,7 +176,7 @@ of sending a MessageStatus and awaiting a ReceiveMessageBegin. i2cp.leaseSetAuthType -0.9.39 +0.9.41 0 0-2 0 @@ -232,14 +232,17 @@ See proposal 123. i2cp.leaseSetPrivKey -0.9.39 +0.9.41       -A base 64 private key for the router to use to decrypt the encrypted leaseset, -only if per-client authentication is enabled +A base 64 X25519 private key for the router to use to decrypt the encrypted LS2 locally, +only if per-client authentication is enabled. +Optionally preceded by the key type and ':'. +Only "ECIES_X25519:" is supported, which is the default. See proposal 123. +Do not confuse with i2cp.leaseSetPrivateKey which is for LS1. @@ -661,7 +664,7 @@ See proposal 123. i2cp.leaseSetAuthType -0.9.39 +0.9.41 0 0-2 0 @@ -706,12 +709,13 @@ See proposals 123, 144, and 145.     {% trans -%} -Base 64 private key for encryption. +Base 64 private key for encryption, for old encrypted LS1. Optionally preceded by the key type and ':'. Only "ELGAMAL_2048:" is supported, which is the default. I2CP will generate the public key from the private key. Use for persistent leaseset keys across restarts. {%- endtrans %} +Do not confuse with i2cp.leaseSetPrivKey which is for LS2. diff --git a/i2p2www/spec/i2cp.rst b/i2p2www/spec/i2cp.rst index a170f79b..8acfcf39 100644 --- a/i2p2www/spec/i2cp.rst +++ b/i2p2www/spec/i2cp.rst @@ -3,8 +3,8 @@ I2CP Specification ================== .. meta:: :category: Protocols - :lastupdated: March 2019 - :accuratefor: 0.9.39 + :lastupdated: May 2019 + :accuratefor: 0.9.41 .. contents:: 
@@ -532,7 +532,10 @@ RequestVariableLeaseSetMessage_ and contains all of the [Lease]_ structures that should be published to the I2NP Network Database. Sent from Client to Router. -Since release 0.9.38. See proposal 123 for more information. +Since release 0.9.39. +Per-client authentication for EncryptedLeaseSet supported as of 0.9.41. +MetaLeaseSet is not yet supported via I2CP. +See proposal 123 for more information. Contents ```````` From 0436cb8f80fe0496c6dedbf343ada179c53dd8a5 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 22 May 2019 18:31:37 +0000 Subject: [PATCH 7/9] PSK/DH clarification --- i2p2www/spec/proposals/123-new-netdb-entries.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/i2p2www/spec/proposals/123-new-netdb-entries.rst b/i2p2www/spec/proposals/123-new-netdb-entries.rst index 81e05ca3..585c0f3f 100644 --- a/i2p2www/spec/proposals/123-new-netdb-entries.rst +++ b/i2p2www/spec/proposals/123-new-netdb-entries.rst @@ -5,7 +5,7 @@ New netDB Entries :author: zzz, str4d, orignal :created: 2016-01-16 :thread: http://zzz.i2p/topics/2051 - :lastupdated: 2019-05-21 + :lastupdated: 2019-05-22 :status: Open :supercedes: 110, 120, 121, 122 @@ -1123,6 +1123,8 @@ authCookie = DECRYPT(clientKey_i, clientIV_i, clientCookie_i) Pre-shared key client authorization ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Each client generates a secret 32-byte key ``psk_i``, and sends it to the server. +Alternatively, the server can generate the secret key, and send it to one or more clients. + Server processing ^^^^^^^^^^^^^^^^^ 
@@ -1201,10 +1203,13 @@ Downsides of DH client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Requires N + 1 DH operations on the server side for N clients. - Requires one DH operation on the client side. +- Requires the client to generate the secret key. Advantages of PSK client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Requires no DH operations. +- Allows the server to generate the secret key. +- Allows the server to share the same key with multiple clients, if desired. Downsides of PSK client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From 9e5b6bb0d4349a54c30f7af4eb06376ff4e09283 Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 25 May 2019 14:32:16 +0000 Subject: [PATCH 8/9] fixup after merge --- i2p2www/blog/2019/{06 => 05}/20/help-bootstrap-bote.rst | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename i2p2www/blog/2019/{06 => 05}/20/help-bootstrap-bote.rst (100%) diff --git a/i2p2www/blog/2019/06/20/help-bootstrap-bote.rst b/i2p2www/blog/2019/05/20/help-bootstrap-bote.rst similarity index 100% rename from i2p2www/blog/2019/06/20/help-bootstrap-bote.rst rename to i2p2www/blog/2019/05/20/help-bootstrap-bote.rst From d232577ef30e7f799b5e499b8a91e4597fc631b6 Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 25 May 2019 14:33:14 +0000 Subject: [PATCH 9/9] encls2 spec update --- i2p2www/spec/encryptedleaseset.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/i2p2www/spec/encryptedleaseset.rst b/i2p2www/spec/encryptedleaseset.rst index 812d4918..f2c07cfc 100644 --- a/i2p2www/spec/encryptedleaseset.rst +++ b/i2p2www/spec/encryptedleaseset.rst @@ -4,7 +4,7 @@ Encrypted LeaseSet Specification .. meta:: :category: Protocols :lastupdated: May 2019 - :accuratefor: 0.9.40 + :accuratefor: 0.9.41 .. contents:: 
@@ -675,6 +675,7 @@ authCookie = DECRYPT(clientKey_i, clientIV_i, clientCookie_i) Pre-shared key client authorization ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Each client generates a secret 32-byte key ``psk_i``, and sends it to the server. +Alternatively, the server can generate the secret key, and send it to one or more clients. Server processing ^^^^^^^^^^^^^^^^^ @@ -753,10 +754,13 @@ Downsides of DH client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Requires N + 1 DH operations on the server side for N clients. - Requires one DH operation on the client side. +- Requires the client to generate the secret key. Advantages of PSK client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Requires no DH operations. +- Allows the server to generate the secret key. +- Allows the server to share the same key with multiple clients, if desired. Downsides of PSK client authorization ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
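Review bot: "display: !important;" in the .aside, .fluid, .sidebar and .content-inner print rules of PATCH 1/9 (widescreen.css, hunk @@ -10,3 +10,38 @@) has no value, so the declaration is invalid and browsers will drop it; only the .meta rule, with "display: block !important;", takes effect. Either give each one the intended value or delete the line. The six separate "@media print { ... }" wrappers could also be merged into one block, which makes the print rules easier to audit.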
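Review bot: the subject of PATCH 2/9, "add bote blog post, remove rule from print css", does not match its diff, which only deletes the "#global-footer" print rule from widescreen.css (4 deletions); the blog post arrives in PATCH 3/9 under the same subject. Suggest retitling this commit to describe the CSS removal alone and saying why the footer should print again. The context lines also show that "display: !important;" is still present after this change.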
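Review bot: in help-bootstrap-bote.rst (PATCH 3/9), the "Where are the keys?" and "Shortcut" sections send readers to local_dest.key, which the post itself calls "the private key file used by the bote tunnel", and Step Three then has them paste the result into a public pull request, without saying that only the leading 516 characters are meant to be shared. Suggest stating explicitly that the rest of the file must never be published, and that the 516-character shortcut holds only for the DSA destination case the post describes. Method A should also say whether "bytes 386 and 387" are counted from zero or from one. Smaller points: "eachother", "it's destination keys", "nummber", "Methon B", and the doubled "here" in the built-in-peers paragraph.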
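Review bot: the sentence added to step 3 in PATCH 4/9 (hunk @@ -96,8 +96,10 @@), "This is the length of the base64 destination", conflicts with step 1, which has already decoded the key into binary, and with step 5, which converts back to base64 afterwards; the sum from step 3 is therefore a byte count of the decoded destination. Suggest "This is the length of the destination in bytes". The rewritten step 4 also carries over the "nummber" typo.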
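Review bot: in the i2cp.html hunk @@ -706,12 +709,13 @@ of PATCH 6/9, the added line "Do not confuse with i2cp.leaseSetPrivKey which is for LS2." sits after "{%- endtrans %}", so it falls outside the translated string, unlike the sentences above it. Move it inside the trans block or give it its own. Since i2cp.leaseSetPrivKey (X25519, LS2) and i2cp.leaseSetPrivateKey (ElGamal, LS1) differ by three letters and both hold private key material, it would also help to state in each entry what happens if a key of the wrong type is supplied.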
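Review bot: the i2cp.rst hunk @@ -532,7 +532,10 @@ of PATCH 6/9 changes "Since release 0.9.38" to "Since release 0.9.39" alongside the new 0.9.41 text, and the subject "I2CP updates for encls2 per-client auth" does not mention that correction. Please confirm that 0.9.39 is the right first release for this message and record the correction in the commit message, so the version marker can be traced later.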
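Review bot: the bullet added under "Advantages of PSK client authorization" in PATCH 7/9 (hunk @@ -1201,10 +1203,13 @@), "Allows the server to share the same key with multiple clients, if desired", is listed only as an advantage, but clients that hold one key cannot be told apart by that key or revoked individually; removing one means issuing a new key to all the others. Suggest adding that trade-off under "Downsides of PSK client authorization", here and in the matching hunk of encryptedleaseset.rst.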
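Review bot: the sentence added in encryptedleaseset.rst hunk @@ -675,6 +675,7 @@ of PATCH 9/9 (and identically in proposal 123 by PATCH 7/9), "Alternatively, the server can generate the secret key, and send it to one or more clients", leaves two things open. The preceding line defines "psk_i" as one key per client, so the text should say how the index is assigned when several clients receive the same key, and neither direction says that the key must travel over a confidential channel. Suggest one sentence covering each.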