How do I generate new *.pem files for my current configuration?


I have the following configuration files (my dotfiles) in a public Git repo:

jorge@sanson-gnu ~/.config
> $ tree -L 2                                                                                                              [±master ✓]
└── syncthing
    ├── cert.pem
    ├── config.xml
    ├── config.xml.v4
    ├── config.xml.v5
    ├── csrftokens.txt
    ├── https-cert.pem
    ├── https-key.pem
    └── key.pem

1 directory, 8 files

I realized this was a huge mistake and I want to change all *.pem files to ensure I cannot be impersonated by any attacker.

I know there is syncthing -generate="blah" command but deleting ~/.config/syncthing and issuing syncthing -generate="syncthing" at ~/.config/ do not generate new private cryptographic keys of any type.

My Syncthing version is syncthing v0.14.49 "Dysprosium Dragonfly" (go1.10.3 linux-amd64).

You can just delete existing ones and restart syncthing I think.


My -generate does take a parameter. But yes, in the default location new keys will be created if they are missing.

jb@kvar:~ $ syncthing -generate=asdasd
09:03:04 INFO: Default folder created and/or linked to new config
jb@kvar:~ $ ls -l asdasd/
total 24
-rw-r--r--  1 jb  staff   615 Aug  2 09:03 cert.pem
-rw-------  1 jb  staff  3638 Aug  2 09:03 config.xml
-rw-------  1 jb  staff   288 Aug  2 09:03 key.pem
jb@kvar:~ $

Remember, you will have to accept the new device ID on your existing devices.

Yes, deleting the configuration and accepting the new ID did the job, thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.