replace the key.pem and cert.pem

There are two keys involved: public and private key.

The public key is part of the certificate and is transferred over the network. The public key is also the major component used in the device id.

The private key is always kept local and must never be shared with anyone else.

For more insight into how this works, you should read up on asymmetric cryptography.

Thanks. But one assumption is that if someone gets the private key, maybe he can get the sensitive information from the messages. That is a big risk for us. We are forbidden to use any private key which is not encrypted.

You have your policy then and you should follow it. Unfortunately Syncthing doesn’t support encrypted private keys and I’m not sure I see any security gain in doing so, unless paired with something like hardware smartcards / security modules which we also don’t support.

Yeah. Maybe someone can add a module to encrypt and decrypt the key, and even store the password. But Syncthing is an open source program, and everyone can get the code. So I think there is currently no good way to solve my problem from the Syncthing side. I spent much time on Syncthing to fit our solution; because of this we have to give it up.
