Help with certificates

Could someone help me with a potentially dumb question here? I'm trying to be able to post from both laptop and cell interchangably. I can't seem to get certificates from my laptop (openssl certs used with amfora) to work on my phone (grapheneOS, f-droid's deedum). The files are on my phone, but deedum doesn't have an option to import them, just a set of textboxes. I've tried copy/pasting the cert information, and deedum said it wasn't a valid cert. I feel like this is a dumb question, but I can't figure it out and I'm almost certain someone on here knows how to manage this. Thanks for your time and patience.

Posted in: s/Deedum

🌲 Half_Elf_Monk

Aug 21 · 4 months ago

4 Comments ↓

🎵 jmcs [mod] · Aug 21 at 20:31:

Hi there,

It's been a while since I first set up the certificates thing in deedum, and I remember having some trouble as well, but can't remember the details, to be honest. I was also starting with Gemini, I was having issues with a lot of stuff.

I was thinking I remembered some talk about this topic in the past, so I went looking, and I found this thread, you might wanna check it out:

— Post in this same subspace

🎵 jmcs [mod] · Aug 21 at 20:49:

And, by the way, I'm not deedum's original author, but I've been adding some improvements and publishing apks with them.

Take a look at the other posts in this subspace if you are interested. And read around to see what those improvements are. Gopher, ANSI color, remembering certs in capsules, multi line input, and preventing deedum from totally closing when navigating back inside a tab, are the most useful ones I remember. Ah, zoomable images too.

feel free to get it and give feedback if you feel so inclined!

🚀 jsreed5 · Dec 15 at 15:08:

I apologize for the necro, but I think I found the issue. @Half_Elf_Monk I assume you used something like the following command to create a client certificate and key. This is given on the Amfora wiki:

openssl req -new -subj "/CN=username" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 1825 -nodes -out cert.pem -keyout key.pem

The core of that command is 'openssl ec', which produces a certificate and key based on elliptic curve cryptography. However, after a cursory glance at the source code, it looks like deedum only supports certs and keys based on RSA cryptography. @jmcs is that correct? If so, deedum would require a code change to read EC keys.

Edit: If it helps, the file I'm looking at in the deedum source is:

— https://github.com/jchaves/deedum/blob/master/lib/models/identity.dart

🎵 jmcs [mod] · Dec 15 at 19:56:

hey @jsreed5 , thanks for bringing this up. First thin I have to say is: you might be right. That's a part of the code that I have not fiddled with. I also don't think I know enough about cryptograpry to trust myself not to fuck something up. I'll have to take a look at the code and the libraries used and see what's supported. I'll report back :)