Skip to content

Commit

Permalink
Update doc firststeps - fingerprint and nickserv magick
Browse files Browse the repository at this point in the history
  • Loading branch information
michaelortmann committed Oct 16, 2024
1 parent 7e603e4 commit 7ed5a2a
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions doc/sphinx_source/tutorials/firststeps.rst
Original file line number Diff line number Diff line change
Expand Up @@ -150,13 +150,17 @@ Simple Authentication and Security Layer (SASL) is becoming a prevalant method o

* **PLAIN**: To use this method, set sasl-mechanism to 0. This method passes the username and password (set in the sasl-username and sasl-password config file settings) to the IRC server in plaintext. If you only connect to the IRC server using a connection protected by SSL/TLS this is a generally safe method of authentication; however you probably want to avoid this method if you connect to a server on a non-protected port as the exchange itself is not encrypted.

* **ECDSA-NIST256P-CHALLENGE**: To use this method, set sasl-mechanism to 1. This method uses a public/private keypair to authenticate, so no username/password is required. Not all servers support this method. If your server does support this, you you must generate a certificate pair using::
* **ECDSA-NIST256P-CHALLENGE**: To use this method, set sasl-mechanism to 1. This method uses a public/private keypair to authenticate, so no username/password is required. Not all servers support this method. If your server does support this, you must generate a certificate pair using::

openssl ecparam -genkey -name prime256v1 -out eggdrop-ecdsa.pem

You will need to determine your public key fingerprint by using::

openssl ec -noout -text -conv_form compressed -in eggdrop-ecdsa.pem | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64
openssl ec -noout -text -conv_form compressed -in eggdrop-ecdsa.pem 2>/dev/null | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64

If error "xxd: command not found" you could install vim, because xxd is a part of vim, or you could try python::

openssl ec -noout -text -conv_form compressed -in eggdrop-ecdsa.pem 2>/dev/null| grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | python -c "import base64,sys;print(base64.b64encode(bytearray.fromhex(sys.stdin.readline())).decode())"

Then, authenticate with your NickServ service and register your public certificate with NickServ. You can view your public key On Libera for example, it is done by::

Expand All @@ -173,3 +177,7 @@ You will need to determine your public key fingerprint by using::
Then, ensure you have those keys loaded in the ssl-privatekey and ssl-certificate settings in the config file. Finally, to add this certificate to your NickServ account, type::

/msg NickServ cert add <fingerprint string from above goes here>

Alternatively you could connect via ssl and if NickServ supports it, make it automatically determine and add your fingerprint in just the right format:

/msg NickServ cert add

0 comments on commit 7ed5a2a

Please sign in to comment.