
Verify Utility Binary

Quick Start

Execute the verify nodectl command after logging into your node.

sudo nodectl verify_nodectl

You should receive a success message:

SUCCESSFUL - AUTHENTIC NODECTL

or, if the version is not valid:

INVALID SIGNATURE - WARNING

Short Option

You can also minimize the displayed output using the -s option.

sudo nodectl verify_nodectl -s

Understanding verify_nodectl

After issuing the command sudo nodectl verify_nodectl on your node, nodectl should respond with validation output, as described in this section of the documentation.

After we initiate the verify_nodectl command, nodectl will reach out to the GitHub repository and download:

  • Public Key
  • Signature Hash
  • Signature File

nodeadmin@Constellation-Node:~$ sudo nodectl verify_nodectl
[sudo] password for nodeadmin:

========================================
= CONSTELLATION NETWORK HYPERGRAPH     =
= VERIFY NODECTL                       =
= WARNING VERIFY KEYS                  =
========================================
Code Name: Princess Warrior

fetching public key ........................... complete
fetching digital signature hash ............... complete
fetching digital signature .................... complete

nodectl will display the public key that was found for this particular version of nodectl. For added security you can access the GitHub repository and compare the key located within the repository against what is displayed by nodectl. This will help to guard against "man-in-the-middle" attacks.

IMPORTANT

When following the URL below 👇 you should check the SSL certificate on GitHub to verify you are not being directed to a phishing website, and that the GitHub repo name matches StardustCollective -> nodectl.

The public key shown below is not valid.

PUBLIC KEY
=============================================
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6PYmRU353OXMAE6ui5SwBM8PGKUgCqPy8eBjuQMyeuWu3OHSjLVXR7ybA46OsS8qTKWJMw2ywPo9v03i3XWgmQF8yNsLkbYvix//4V0NJQ6yiq+NynbqXp2aHYRTiTHjL6tasVB3KMLgEi/twI/AE+jglU0tXjiHrED12KeclAhm8NjRRWlfTVHTvqQayHXSqAa3s31EADAJlXcr5Lvyx6ghLshwBPIOqmK8pY5qObgseTJ1qbHLhFWw6g6HIz/t4+nSFf5Rf7JhbfpdftiLlei3fRxG84818UAINsVMXR/qsqKizDW1Q4LObKYlsXM2ltNcv8B/gssqpTOQj4XBCWXJTj96RgOh8kbSDrfqElVBtrrXF8er4vRoG+O4Ztress+5LLSZ6j+V8SwuDjLf9Hz9Oy0sOEubG4bmKLhXSiDjAzAN/ZviFBDYMo0QURmpeImHRJ42xmqFPdSPglX301b+vl+7c0PfFwy+ZrnK82y7uBrGZqb8QlSd6b7yVfKuNU7WwBDpM5FrJCi2dQTy4rXHK+Gj9Zu0aNfaEUw88vB3rSuPsvZD6J9OcpWHGDvfXWH39YZHPHqycIgtYTBmZiiWdqOjhd+55Pwzj4uKltyVV0MLcrcDOLPNOd+VQDhJOjVuWXaNdnwTbTVgwB8vWrvkwk 9dkm1eENXwECAwEAAQ==
-----END PUBLIC KEY-----

To further secure that you have the correct binary that was authenticated with a matching PUBLIC KEY found in yellow [above]. Please open the following url in our local browser to compare to the authentic repository via https secure hypertext transport protocol.

nodectl will display the URL you need to use to connect for your own manual validation. This will help us verify we were not redirected to a phishing site and allow us to compare notes against the output of the command.

https://raw.githubusercontent.com/StardustCollective/nodectl/nodectl_v2130/admin/nodectl_public

nodectl will download and show us the hash that our digital signature should produce. As stated above, we can verify this hash against the GitHub repository as well.

BINARY HASH
=============================================
SHA256(nodectl_x86_64)= decb0a84724c78bdd0cf57ae771545950dd2f135d8d4280bb5ac8491e8f23d71

To further secure that you have the correct binary that was authenticated with a matching BINARY HASH found in yellow [above]. Please open the following url in our local browser to compare to the authentic repository via https secure hypertext transport protocol.

nodectl will present the URL where we can connect, verify we are not redirected to a phishing site, and compare notes against the output of the verify_nodectl command.

https://raw.githubusercontent.com/StardustCollective/nodectl/nodectl_v2130/admin/nodectl_v2130_x86_64.sha256

Finally we should receive a valid successful message!

verifying signature match .....................

VERIFICATION RESULT
SUCCESSFUL - AUTHENTIC NODECTL
Review logs for details.

We can review the logs for more details.

sudo nodectl logs -l nodectl
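
The manual comparison described above can be scripted instead of done by eye. This is an added example, not part of nodectl or its documentation: the function names and file arguments are hypothetical, and it assumes you saved the public key nodectl displayed and the copy fetched from the repository into two files, and that sha256sum is available on the node.

```shell
#!/bin/sh
# Added example: cross-check what verify_nodectl printed against the copies
# fetched manually from the repository URLs it shows. Names are assumptions.

# Print the base64 body of a PEM file with armor lines and all whitespace
# removed, so terminal wrapping or copy/paste spaces cause no false mismatch.
pem_body() {
    grep -v -- '-----' "$1" | tr -d ' \t\r\n'
}

# same_public_key DISPLAYED_PEM REPO_PEM -> 0 only if both bodies are identical.
same_public_key() {
    a=$(pem_body "$1")
    b=$(pem_body "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# published_hash 'SHA256(name)= <64 hex>' -> prints the lowercase digest,
# or nothing if the line is not in that form.
published_hash() {
    printf '%s\n' "$1" |
        sed -n 's/^SHA256([^)]*)= *\([0-9a-fA-F]\{64\}\)[[:space:]]*$/\1/p' |
        tr 'A-F' 'a-f'
}

# binary_matches BINARY HASH_LINE -> 0 match, 1 mismatch, 2 malformed line.
binary_matches() {
    want=$(published_hash "$2")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$have" = "$want" ]
}

# Constructed demo: a stand-in file plays the role of the nodectl binary.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed stand-in for the binary\n' > "$tmp/nodectl_x86_64"
    good="SHA256(nodectl_x86_64)= $(sha256sum "$tmp/nodectl_x86_64" | cut -d' ' -f1)"
    binary_matches "$tmp/nodectl_x86_64" "$good" && echo "hash: match"
    printf 'tampered\n' >> "$tmp/nodectl_x86_64"
    binary_matches "$tmp/nodectl_x86_64" "$good" || echo "hash: MISMATCH"
    rm -rf "$tmp"
}
demo
```

A match here only confirms the local binary against the published hash; the signature check itself is still performed by verify_nodectl.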

Digital Signatures

To strengthen security, the Constellation Network supported binary version of nodectl has been digitally signed.


nodectl will automatically handle all aspects of the validation for you; you do not need to do anything other than execute the validate_nodectl command.

Extra security

In order to defend against "man in the middle" attacks, you can retrieve and review the public key and valid signature hash for the version of nodectl you are running, via the GitHub repository.

Phishing Attempts

Make sure you are reviewing the hashes and public key for the version of nodectl you are currently running.

To do this, make sure you are on the proper branch of nodectl in the GitHub repository; the command offers a link to it during execution. However, you should validate that you are navigating the official nodectl repository and have not been directed to a phishing site.

https://github.com/StardustCollective/nodectl