71 lines
2.6 KiB
Markdown
71 lines
2.6 KiB
Markdown
|
# Приложение Б. Reality public keys узлов Montana
|
|||
|
|
|
|||
|
|
Публичные параметры VPN-каскада. **Только публичные ключи** — privкeys хранятся на соответствующих узлах с UNIX 0640.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Helsinki (`91.132.142.42`)
|
|||
|
|
|
|||
|
|
| Параметр | Значение |
|
|||
|
|
|----------|----------|
|
|||
|
|
| Reality public key (X25519) | `EkTs2aGKnFNgFZ0f7wgft2sJp3VjwFQqIrwkZKM4gD8` |
|
|||
|
|
| shortId | `302805bc0c25e504` |
|
|||
|
|
| serverName (SNI mimicry) | `www.googletagmanager.com` |
|
|||
|
|
| publicly-exposed UUID | `e6d355e2-2d79-4c96-a373-3b0e6b6f4b0d` (универсальный) |
|
|||
|
|
| Pinned email tag | `universal` |
|
|||
|
|
| Fingerprint mimic | `chrome` |
|
|||
|
|
| dest | `www.googletagmanager.com:443` |
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Frankfurt (`89.19.208.158`) — cascade exit only
|
|||
|
|
|
|||
|
|
| Параметр | Значение |
|
|||
|
|
|----------|----------|
|
|||
|
|
| Reality public key | `8MYYI4RX3Ra8ICkuqwexMhA5q1EWi87M1G0tX-h0iiM` |
|
|||
|
|
| shortId | `97688ead4874632a` |
|
|||
|
|
| UUID для cascade outbound (Helsinki → Frankfurt) | `e80af4df-8d46-413a-ad28-0f6bf2a300b8` (email `fra-genesis`) |
|
|||
|
|
|
|||
|
|
**Не публичен для клиентов** — только Helsinki использует для cascade.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## NewYork (`86.104.72.12`) — cascade exit only
|
|||
|
|
|
|||
|
|
| Параметр | Значение |
|
|||
|
|
|----------|----------|
|
|||
|
|
| Reality public key | `Sl4UZi0RTTYemu7-NAm-bI3M1DUzidqa_jn2eVqvVA8` |
|
|||
|
|
| shortId | `b4a1b7eada8a4949` |
|
|||
|
|
| UUID для cascade outbound (Helsinki → NewYork) | `b17dd919-772d-4268-a724-9b866b92d12b` (email `us-cascade`) |
|
|||
|
|
|
|||
|
|
**Не публичен для клиентов**.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Genesis APK signing key
|
|||
|
|
|
|||
|
|
| Параметр | Значение |
|
|||
|
|
|----------|----------|
|
|||
|
|
| Алгоритм | SHA384withRSA |
|
|||
|
|
| Размер | 4096 bit |
|
|||
|
|
| Owner | `CN=Montana VPN, O=Montana Network, L=Genesis, C=RU` |
|
|||
|
|
| Valid from | 2026-05-06 |
|
|||
|
|
| Valid to | 2126-04-12 (100 лет) |
|
|||
|
|
| **SHA-256 fingerprint** | `305bc99b40e6106f28c6fcc5dce4772761d2630d5aca9fee076dc0691913ce4d` |
|
|||
|
|
| **SHA-1 fingerprint** | `a0be58ad4d9c353eb954daf530d808ff661d9a01` |
|
|||
|
|
| Alias | `montana` |
|
|||
|
|
|
|||
|
|
Storage: `/Users/kh./Python/Ничто/Montana/Android/keystore/montana.keystore` (offline, у автора).
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Backend service identification
|
|||
|
|
|
|||
|
|
| Узел | DNS | TLS Certificate |
|
|||
|
|
|------|-----|-----------------|
|
|||
|
|
| `cdn.montana.quest` | A `91.132.142.42` | (нет TLS — Reality на :443) |
|
|||
|
|
| `montana.quest` | A `176.124.208.93` | Let's Encrypt RSA 2048-bit, прод |
|
|||
|
|
| `hub.montana.quest` | A `176.124.208.93` | Let's Encrypt |
|
|||
|
|
|
|||
|
|
Все Let's Encrypt сертификаты ротируются автоматически через `certbot` cron на Moscow.
|