cert

Documentation

Overview

Package cert handles TLS certificate generation and fingerprinting for KDE Connect. KDE Connect uses self-signed certificates with long validity periods. Identity is established by comparing the SHA256 fingerprint of the certificate. The certificate's Common Name (CN) MUST match the device ID.

Index

• func Fingerprint(cert *x509.Certificate) string
• func GenerateSelfSigned(deviceID string) (*tls.Certificate, error)
• func LoadOrGenerate(certFile, keyFile, deviceID string) (*tls.Certificate, error)
• func TLSConfig(cert *tls.Certificate) *tls.Config
• func VerificationKey(localCert, remoteCert *x509.Certificate) string

Functions

func Fingerprint

func Fingerprint(cert *x509.Certificate) string

Fingerprint returns the SHA256 hex string of the given certificate. This is used for verifying device identity after pairing.

func GenerateSelfSigned

func GenerateSelfSigned(deviceID string) (*tls.Certificate, error)

GenerateSelfSigned creates a new 2048-bit RSA key and a self-signed X.509 certificate valid for 10 years, which matches the KDE Connect reference implementation. The deviceID is used as the certificate's Common Name (CN), which KDE Connect verifies matches the deviceId in identity packets.

func LoadOrGenerate

func LoadOrGenerate(certFile, keyFile, deviceID string) (*tls.Certificate, error)

LoadOrGenerate tries to load a TLS certificate from the given paths. If the files do not exist, it generates a new self-signed certificate with the given deviceID as Common Name and writes it to disk.

func TLSConfig

func TLSConfig(cert *tls.Certificate) *tls.Config

TLSConfig returns the standard tls.Config used for KDE Connect.

func VerificationKey

func VerificationKey(localCert, remoteCert *x509.Certificate) string

VerificationKey generates a verification fingerprint used for out-of-band pairing verification. It creates a SHA256 hash of the concatenated public keys to display a fingerprint.