You might want to specify a family your router belongs to. There are two ways to do this: create a new family or join to an existing one.
To create a new family, you must first create a family self-signed certificate and key.
The only key type supported is prime256v1. Use the following list of commands to do this through openssl:
openssl ecparam -name prime256v1 -genkey -out <your family name>.key openssl req -new -key <your family name>.key -out <your family name>.csr touch v3.ext openssl x509 -req -days 3650 -in <your family name>.csr -signkey <your family name>.key -out <your family name>.crt -extfile v3.ext
Specify <your family name>.family.i2p.net for the CN (Common Name) when requested.
Once you are done generating it place <your-family-name>.key and <your-family-name>.crt in the
How to join existing family
Once you and that family agree to do it, they must give you .key and .crt file and you must place in
Publish your family
Run i2pd with the parameters 'family=<your-family-name>', and make sure you have <your-family-name>.key and <your-family-name>.crt in your 'family' folder. If everything is set properly, you router.info will contain two new fields: 'family' and 'family.sig'. If not, your router will complain on startup with log messages starting with "Family:" prefix and severity 'warn' or 'error'.
Export to Java-I2P from i2pd
- Convert private key file to PKCS#8
The private key is in an openssl "EC Parameter File" format:
-----BEGIN EC PARAMETERS----- (base64) -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- (base64) -----END EC PRIVATE KEY-----
It must be converted to PKCS#8 format first.
openssl pkcs8 -topk8 -nocrypt -in your-family-name.key -out your-family-name.pkcs8
Now you have a pkcs8 private key in the your-family-name.pkcs8 file:
-----BEGIN PRIVATE KEY----- (base64) -----END PRIVATE KEY-----
- Combine PKCS#8 and certificate files
Now combine the pkcs8 and certificate files into a single file:
cat your-family-name.pkcs8 your-family-name.crt > your-family-name.secret
- Import combined file
Now go to Java i2p console http://127.0.0.1:7657/configfamily page and Join Existing Router Family selecting the file your-family-name.secret to join that family.
Export to i2pd from Java-I2P
Go to Java i2p console http://127.0.0.1:7657/configfamily page and export family key. You'll have a file
family-your-family-name-secret.crt. It contains both the private key and the public key certificate.
Copy it to
your-family-name.key in a text editor to remove the certificate part so it contains only the private key part.
your-family-name.crt in a text editor to remove the private key part so it contains only the certificate part.
your-family-name.crt files to the i2pd /certificates/family/ folder, as instructed here.
This assumes that i2pd/openssl can handle the PKCS#8 format for the private key.
TODO: List common errors