Connection Strings

Orb encrypts your TLS certificate and Macaroon using a 512-bit RSA key that is unique to your device, because this information should never exist unencrypted outside of your node.

The connection strings are denser forms of:

import rsa
import base64
import os

pub_key = rsa.PublicKey.load_pkcs1(
    b"-----BEGIN RSA PUBLIC KEY-----\n...\n-----END RSA PUBLIC KEY-----\n"
)

# read as bytes so the same code also works for the binary Macaroon file
with open(os.path.expanduser("~/.lnd/tls.cert"), "rb") as f:
    cert = f.read()

for i in range(0, len(cert), 53):
    # get the 53 byte long chunk from the certificate
    cert_chunk = cert[i : i + 53]
    # encrypt it using the 512 bit RSA key
    cert_chunk_rsa = rsa.encrypt(cert_chunk, pub_key)
    # encoded as base64
    cert_chunk_rsa_base64 = base64.b64encode(cert_chunk_rsa).decode()
    # print the encoded chunk
    print(cert_chunk_rsa_base64)

The procedure is the same for the Macaroon, with the path replaced by ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon.

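The chunk size is 53 because a 512-bit RSA key can encrypt at most 53 bytes at a time: the modulus is 64 bytes long, and the PKCS#1 v1.5 padding applied by rsa.encrypt takes 11 of them.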
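To show where the 53-byte limit comes from, the following added example (not Orb's code) builds the PKCS#1 v1.5 encryption block by hand with only the Python standard library and round-trips chunks through a throwaway key. All function names are hypothetical, the key is generated on the spot for the demonstration, and the same arithmetic gives the limit for other key sizes (117 bytes for 1024 bits).

```python
import secrets

def is_prime(n, rounds=24):
    """Miller-Rabin test for odd n > 3 (as produced by random_prime)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:  # top two bits set so p*q is exactly 2*bits long; low bit makes it odd
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_prime(c):
            return c

def keygen(bits=512, e=65537):
    """Throwaway demo key: returns (n, e, d)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)

def encrypt_chunk(chunk, n, e):
    k = (n.bit_length() + 7) // 8  # modulus length in bytes: 64 for 512 bits
    if len(chunk) > k - 11:
        raise OverflowError(f"{len(chunk)} bytes exceeds the {k - 11}-byte limit")
    # PKCS#1 v1.5 block: 00 02 | >= 8 nonzero random bytes | 00 | chunk
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(chunk)))
    em = b"\x00\x02" + pad + b"\x00" + chunk
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def decrypt_chunk(ct, n, d):
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02" or 0 not in em[10:]:
        raise ValueError("bad padding")
    return em[em.index(0, 10) + 1:]
```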

A 512-bit key is not considered strong enough, and we will consider using a larger key once we have more clarity surrounding the use of encryption in iOS App Store applications.