zerotier-idtool

Generate new identity

$ zerotier-idtool generate [identity.secret]

$ zerotier-idtool getpublic [identity.secret]

$ zerotier-idtool sign [identity.secret] [file]

$ zerotier-idtool verify [identity.public] [file] [signature]

$ zerotier-idtool info [identity.secret]

zerotier-idtool command [args]

zerotier-idtool manages ZeroTier cryptographic identities. Identities consist of a secret key (kept private) and a public key that derives the 10-digit ZeroTier address.
The tool can generate new identities, extract public keys, and perform cryptographic operations like signing and verification. This is useful for backup, migration, and creating custom network infrastructure.
Identities are automatically generated when zerotier-one first starts, stored in the ZeroTier home directory (typically /var/lib/zerotier-one/).
For advanced users, the tool supports creating "moons" - custom root servers for private ZeroTier infrastructure.

generate secretfile_

Generate new identity, write to file

Output public identity from secret

Sign file with identity

Verify signature against public identity

Display identity information (address, type)

Initialize moon (custom root) definition

Generate moon.d file from JSON definition

identity.secret files must be kept secure. Anyone with this file can impersonate that ZeroTier node.
Regenerating an identity creates a new address. Existing network memberships must be re-authorized.
Moon creation requires understanding ZeroTier's root server architecture.

zerotier-cli(1), zerotier-one(8)