nix-config/common/network/pia-vpn/pubkey.pem
Zuckerberg 9fdadd321c
Verify RSA-SHA256 signatures on all PIA API responses
Every PIA API response includes a trailing RSA-SHA256 signature
(line 1 = JSON, lines 3+ = base64-encoded signature) which was
previously ignored entirely. Add verifyPIAResponse() that checks
each response against PIA's public signing key before trusting
the data. On verification failure the service aborts and systemd
restarts it.

Also bump RestartSec to 5m to avoid hammering PIA servers on
repeated failures.
2026-02-26 22:06:35 -08:00

10 lines
451 B
Plaintext

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLYHwX5Ug/oUObZ5eH5P
rEwmfj4E/YEfSKLgFSsyRGGsVmmjiXBmSbX2s3xbj/ofuvYtkMkP/VPFHy9E/8ox
Y+cRjPzydxz46LPY7jpEw1NHZjOyTeUero5e1nkLhiQqO/cMVYmUnuVcuFfZyZvc
8Apx5fBrIp2oWpF/G9tpUZfUUJaaHiXDtuYP8o8VhYtyjuUu3h7rkQFoMxvuoOFH
6nkc0VQmBsHvCfq4T9v8gyiBtQRy543leapTBMT34mxVIQ4ReGLPVit/6sNLoGLb
gSnGe9Bk/a5V/5vlqeemWF0hgoRtUxMtU1hFbe7e8tSq1j+mu0SHMyKHiHd+OsmU
IQIDAQAB
-----END PUBLIC KEY-----
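
The check described in the commit message, sketched with `openssl` as an added example; it is not the repository's `verifyPIAResponse()`. The function names, the throwaway key pair and the sample JSON are constructed for the demo, and it assumes the signature covers the bytes of line 1 without the trailing newline, which the page does not state.

```shell
# verify_response <pubkey.pem> <response-file>
# Prints the JSON and returns 0 only if the RSA-SHA256 signature verifies.
verify_response() {
  local pubkey="$1" resp="$2" tmp rc=1
  tmp=$(mktemp -d) || return 1
  # Line 1 is the JSON payload (assumption: signed without its newline).
  head -n 1 "$resp" | tr -d '\r\n' > "$tmp/msg"
  # Lines 3+ are the base64 signature, possibly wrapped over several lines.
  tail -n +3 "$resp" | tr -d ' \r\n' | openssl base64 -d -A > "$tmp/sig" 2>/dev/null
  # Fail closed: an empty payload or a missing signature is a rejection.
  if [ -s "$tmp/msg" ] && [ -s "$tmp/sig" ] &&
     openssl dgst -sha256 -verify "$pubkey" -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1
  then
    cat "$tmp/msg"; echo
    rc=0
  fi
  rm -rf "$tmp"
  return $rc
}

# make_demo <dir>: constructed test data signed with a throwaway key
# (stands in for pubkey.pem and a real API response).
make_demo() {
  local d="$1"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/priv.pem" 2>/dev/null
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" 2>/dev/null
  printf '%s' '{"regions":[{"id":"demo","servers":[]}]}' > "$d/json"
  { cat "$d/json"; printf '\n\n'
    openssl dgst -sha256 -sign "$d/priv.pem" "$d/json" | openssl base64
  } > "$d/good.txt"
  sed '1s/demo/evil/' "$d/good.txt" > "$d/tampered.txt"   # payload changed, old signature
  head -n 1 "$d/good.txt" > "$d/unsigned.txt"             # signature stripped
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
verify_response "$demo_dir/pub.pem" "$demo_dir/good.txt" >/dev/null && echo "good: verified"
verify_response "$demo_dir/pub.pem" "$demo_dir/tampered.txt" || echo "tampered: rejected"
verify_response "$demo_dir/pub.pem" "$demo_dir/unsigned.txt" || echo "unsigned: rejected"
rm -rf "$demo_dir"
```

A caller should use only the JSON printed by a successful call and exit non-zero otherwise, so a response with a stripped or mismatched signature is never parsed.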