nix-config

zuckerberg/nix-config

Fork 0

Commit Graph

Author	SHA1	Message	Date
Zuckerberg	9fdadd321c	Verify RSA-SHA256 signatures on all PIA API responses All checks were successful Check Flake / check-flake (push) Successful in 3m18s Details Every PIA API response includes a trailing RSA-SHA256 signature (line 1 = JSON, lines 3+ = base64-encoded signature) which was previously ignored entirely. Add verifyPIAResponse() that checks each response against PIA's public signing key before trusting the data. On verification failure the service aborts and systemd restarts it. Also bump RestartSec to 5m to avoid hammering PIA servers on repeated failures.	2026-02-26 22:06:35 -08:00

Author

SHA1

Message

Date

Zuckerberg

9fdadd321c

Verify RSA-SHA256 signatures on all PIA API responses

Check Flake / check-flake (push) Successful in 3m18s

Details

Every PIA API response includes a trailing RSA-SHA256 signature
(line 1 = JSON, lines 3+ = base64-encoded signature) which was
previously ignored entirely. Add verifyPIAResponse() that checks
each response against PIA's public signing key before trusting
the data. On verification failure the service aborts and systemd
restarts it.

Also bump RestartSec to 5m to avoid hammering PIA servers on
repeated failures.

2026-02-26 22:06:35 -08:00

1 Commits