How to calculate DeviceID via command line


#1

Hi all, I’m new to Syncthing and just building my big picture.

Any smart way to calculate the device ID via CLI tools?

The algo seems to go further then just using

$ openssl x509 -outform DER -in cert.pem | shasum -a 256

or

$ openssl x509 -outform DER -in cert.pem | shasum -a 256 | tr “[:lower:]” “[:upper:]”

or

$ openssl x509 -sha256 -noout -fingerprint -in cert.pem | tr -d : | cut -d= -f2

and then passing it to BASE64 encoding (https://docs.syncthing.net/dev/device-ids.html).

$ openssl x509 -sha256 -noout -fingerprint -in cert.pem | tr -d : | cut -d= -f2 | tr -d “\n” | openssl base64

or (lower-case SHA256)

$ openssl x509 -outform DER -in cert.pem | shasum -a 256 | cut -d" " -f1 | tr -d “\n” | openssl base64

but the actually device id looks different

$ syncthing -device-id | fold -w 16 | cut -c 1-14 | tr -d “-” | tr -d “\n”

I really appreciate your help. Thanks L


(Jakob Borg) #2

You can’t really get all the way there using standard command line tools, because we add check digits using a nonstandard Luhn algorithm. You can get 99% there though:

openssl x509 -outform DER -in cert.pem \
    | openssl sha256 -binary \
    | python -c 'import base64; import sys; print(base64.b32encode(sys.stdin.read()))' \
    | tr -d =

Difference from your attempts are openssl for the digest because we want the raw bytes and not hex, and using Python to get base32 and not base64. There is a base32 utility you can install, too.

This gets you the device ID without check digits. It doesn’t look exactly the same as what Syncthing spits out, but it’s accepted in this format by Syncthing - both in the config and the GUI.

If you really need it in the “final” format you need to use the Syncthing REST API to do the last conversion step.


#3

It was definitively to late yesterday. Otherwise it’s not explainable that I’ve overlooked base32 in the docs. Thanks for the quick response! Yeah, I was expecting such binary format and already experimenting with “xxd” but your inline approach with SHA256 is clearly smarter.

Filtering the check digits out with:

syncthing -device-id | fold -w 16 | cut -c 1-14 | tr -d "-" | tr -d "\n"

gives me the “same” output as your snippet. Thanks! L