oxen-io / lokinet

Lokinet is an anonymous, decentralized and IP based overlay network for the internet.
https://lokinet.org/
GNU General Public License v3.0

Add encrypted/authenticated IPC listener support #2122

Open jagerman opened 1 year ago

jagerman commented 1 year ago

Something that would be very useful is to be able to expose an encrypted/authenticated but public listener. This needs two config additions:

  1. We need to be able to specify the address on which we listen_curve().
  2. We need to be able to specify one (or more) public keys that will be accepted.

Something like this in the config:

```ini
[api]
bind_curve = tcp://0.0.0.0:1234
curve_pubkey = abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789
```

This would then use listen_curve() on that address (in addition to any of the listen_plain()s that happen from the bind options currently).

listen_curve() takes an "allow" callback: the allow callback would look at the public key and return AuthLevel::admin if it is in the curve_pubkey list, otherwise AuthLevel::denied to refuse the connection.

Originally posted by @jagerman in https://github.com/oxen-io/lokinet/issues/2111#issuecomment-1382254445
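
A sketch of the allow-list logic proposed in this issue, added here as an illustration and not taken from lokinet or oxenmq: it loads `bind_curve` and one or more `curve_pubkey` lines from the `[api]` section and makes the admin/denied decision. `ApiConfig`, `parse_api`, `decode_pubkey` and `allow` are hypothetical names, the `AuthLevel` enum is a local stand-in, and it assumes `key = value` lines and that the callback is handed the peer's raw 32-byte key.

```cpp
#include <optional>
#include <set>
#include <sstream>
#include <string>
#include <string_view>

enum class AuthLevel { denied, admin };  // local stand-in for the levels named in the issue

// Decode a 64-character hex pubkey into 32 raw bytes; nullopt if malformed.
std::optional<std::string> decode_pubkey(std::string_view hex) {
    if (hex.size() != 64) return std::nullopt;
    auto nib = [](char c) -> int {
        if (c >= '0' && c <= '9') return c - '0';
        c |= 0x20;  // fold ASCII letters to lower case
        return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
    };
    std::string raw(32, '\0');
    for (std::size_t i = 0; i < 32; i++) {
        int hi = nib(hex[2 * i]), lo = nib(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return std::nullopt;
        raw[i] = static_cast<char>(hi << 4 | lo);
    }
    return raw;
}

struct ApiConfig { std::string bind_curve; std::set<std::string> allowed; };

// Parse the [api] section; a curve bind with no accepted keys is rejected.
std::optional<ApiConfig> parse_api(const std::string& ini) {
    ApiConfig cfg;
    std::istringstream in{ini};
    bool in_api = false;
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.front() == '[') { in_api = line == "[api]"; continue; }
        auto eq = line.find(" = ");
        if (!in_api || eq == std::string::npos) continue;
        std::string key = line.substr(0, eq), val = line.substr(eq + 3);
        if (key == "bind_curve") cfg.bind_curve = val;
        if (key != "curve_pubkey") continue;
        if (auto raw = decode_pubkey(val)) cfg.allowed.insert(*raw);
        else return std::nullopt;  // fail closed on a malformed key
    }
    if (!cfg.bind_curve.empty() && cfg.allowed.empty()) return std::nullopt;
    return cfg;
}

// The decision the allow callback would make for a peer's raw 32-byte pubkey.
AuthLevel allow(const ApiConfig& cfg, std::string_view peer_pubkey) {
    return cfg.allowed.count(std::string{peer_pubkey}) ? AuthLevel::admin : AuthLevel::denied;
}
```

Because the listener is public, the sketch refuses to produce a config when `bind_curve` is set with no valid `curve_pubkey`, so a typo in a key cannot leave the endpoint open or silently unusable.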