Stellar VPN

Secure your connection

Security

Security you do not have to think about.

Even if our servers, storage, or network were tampered with, the Stellar VPN app would refuse to connect to anything unsafe. Every server and every VPN configuration is verified inside the app before it can be used.

01

Signed offline

Our server list is signed with a private key that is always kept offline.

02

Verified in the app

The app checks the signature before it trusts any server, URL, or configuration hash.

03

Blocked if changed

If anything has been modified, the app rejects it automatically instead of connecting.

How it works

Simple trust chain

No blind trust. Everything must prove that it is authentic before the app will use it.

1. Offline

We sign the server list offline

The private signing key stays offline at all times. It is never shipped in the app and never exposed through the API.

2. Verify

The app checks the signature

The app contains only the public key. It verifies the returned server list before trusting any data inside it.

3. Choose

Only verified servers can be used

Hostname, download URL, and trusted SHA-256 hash are accepted only if they came from a valid signed list.

4. Check

The VPN file is checked too

After download, the app calculates the file hash on your device and compares it with the trusted hash from the signed list.

5. Result

Connect only if everything matches

If the signature fails or the file hash does not match, the app stops. No valid proof means no connection.

No trust required. Everything is verified.

What the app receives

The app first receives a signed server list as JSON.

This is the kind of data the app downloads before it verifies the signature, chooses a server, and checks the VPN file. We only show one server below to keep it easy to understand.

[
  {
    "id": "ch-1",
    "name": "Switzerland – Zurich",
    "hostname": "ch-zurich-1.stellarsecurity.com",
    "config_url": "https://stellarvpnserverstorage.blob.core.windows.net/openvpn/stellar-switzerland.ovpn",
    "config_sha256": "3eb84407f8d8a19d5d7a3b810ea306550c3e841e605679045b135951f0defaf7"
  }
]

id

Identifies the server the app should use. For StellarOS, the secure flow can choose ch-1.

hostname

Tells the app which server this entry belongs to after the signed list has been verified.

config_url

Points to the VPN configuration file the app downloads only after the signed list is trusted.

config_sha256

Acts like the trusted fingerprint of the VPN file. If the file changes, the hash changes, and the app blocks it.

Signed JSON → Verified in app → .ovpn downloaded → SHA-256 checked → Connect or block
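
The flow described above, from signed list to hash-checked VPN file, as an added example that is not Stellar's own code. The page does not name the signature algorithm or say how the signature is delivered, so RSASSA-PKCS1-v1_5 with SHA-256 and a detached signature over the raw JSON bytes are assumptions here; the key, hostnames and file contents are constructed for the demo.

```python
import hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_list(raw: bytes, sig: bytes, n: int, e: int) -> list:
    """App side: return the parsed list only if sig is valid over the exact bytes."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("server list signature invalid")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, encode(raw, k)):
        raise ValueError("server list signature invalid")
    return json.loads(raw)  # parse only after the signature has been checked

def accept_config(servers: list, server_id: str, config: bytes) -> bytes:
    """App side: release the downloaded file only if it matches the signed hash."""
    entry = next((s for s in servers if s["id"] == server_id), None)
    if entry is None:
        raise ValueError("server not in signed list")
    digest = hashlib.sha256(config).hexdigest()
    if not hmac.compare_digest(digest, entry["config_sha256"].lower()):
        raise ValueError("config hash mismatch")
    return config  # use these exact bytes; do not re-read or re-download

# --- Constructed demo material below; nothing here is a real Stellar value ---
P, Q = 2**521 - 1, 2**607 - 1          # two Mersenne primes: a toy key, not secure
N, E = P * Q, 65537                    # public half: what the app would embed
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: offline signer only

def sign_offline(raw: bytes) -> bytes:
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(raw, k), "big"), D, N).to_bytes(k, "big")

CONFIG = b"client\nremote vpn.example.invalid 1194\n"   # constructed .ovpn body
LIST = json.dumps([{"id": "ch-1", "hostname": "vpn.example.invalid",
                    "config_url": "https://storage.example.invalid/ch-1.ovpn",
                    "config_sha256": hashlib.sha256(CONFIG).hexdigest()}]).encode()
SIG = sign_offline(LIST)

if __name__ == "__main__":
    servers = verify_list(LIST, SIG, N, E)
    print("accepted", len(accept_config(servers, "ch-1", CONFIG)), "bytes")
```

Both checks fail closed: any change to the list bytes or to the downloaded file raises before a server entry or configuration is handed to the caller.
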
What this protects against

What happens if something is changed?

The app is designed to notice tampering before a connection happens.

If someone changes the server list

The signature no longer matches. The app rejects the list and refuses to trust it.

If someone changes a VPN file

The file hash changes. The app compares the downloaded file against the trusted hash and blocks the connection.

If storage or the API is compromised

The app still requires cryptographic proof. Modified data is not enough to fool it.

Public key verification

The app has the public key. The private key stays offline.

The app contains a public key used only for verification. It cannot sign anything. Signing happens separately with the private key, and that private key is kept offline at all times.

  • Private key signs the server list offline
  • Public key verifies it inside the app
  • No valid signature means no trusted server list

Offline private key (used only for signing) → sign → Signed server list (server data + signature) → verify → Public key in app (used only for verification)

Trusted SHA-256 hash (from the signed list) → compare → Downloaded VPN file (hash calculated on device) → match required → Connect or reject (only valid files proceed)

Configuration integrity

Every VPN file is verified before use.

The signed server list includes a trusted SHA-256 fingerprint for each VPN configuration file. After download, the app calculates the file hash locally and compares it to that trusted value.

  • Changed file = changed hash
  • Changed hash in the API = invalid signature
  • Only authentic, untampered configurations are accepted
In plain language

What this means for you

If the server list is modified

The app rejects it because the signature no longer matches.

If a VPN file is modified

The app rejects it because the file hash no longer matches the trusted value.

If everything is valid

The app connects normally using verified server data and a verified VPN configuration.

Get Stellar VPN

Ready to use a VPN that verifies everything?

Download Stellar VPN and connect with confidence. Every server and configuration is checked inside the app before it can be used.