[Ndn-interest] Complete trust management from scratch in ndn-cxx

Mon Oct 16 07:49:27 PDT 2017

Dear all,

I'm struggling with setting up a simple trust/security system in NDN. I
find it difficult to find an updated set information that will work for
all system components. Please correct me if I misunderstood something.

I have a very simple scenario: one producer and one consumer on one
machine. I want to have a central entity (root) and a publisher
(publisher) that will be allowed to publish trusted content.

I first create the root certificate using ndnsec and selfsign it: /
/

/    ndnsec-key-gen -n /root//
/

/    ndnsec-sign-req /root > root.cert/

Next I create a certificate for the publisher and sign it using the root
certificate:

/   ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert//
//   ndnsec-cert-gen -S 201510080000 -E 202010080000  -s /root -i
/root/publisher -r unsigned_publisher.cert  > publisher.cert/

I then used the publisher identity to sign the data:

/    m_ident = m_keyChain.createIdentity(Name("/root/publisher"));//
//    m_info = ndn::security::SigningInfo(m_ident);/

/    m_keyChain.sign(*data, m_info);/

On the consumer side I use a validator to validate data:

/    m_validator->load("sample.cfg");/

/    m_validator->validate (data,//
//            ndn::bind(&Consumer::onValidated, this, _1),//
//            ndn::bind(&Consumer::onValidationFailed, this, _1, _2));/

I want to trust everything signed with the publishers key. The
sample.cfg is:

/    rule//
//    {//
//      id "Sample Rule"//
//      for data//
//      filter//
//      {//
//        type name//
//        name /root/publisher//
//        relation is-prefix-of//
//      }//
//      checker//
//      {//
//        type hierarchical//
//        sig-type rsa-sha256//
//      }//
//    }//
//
//    trust-anchor//
//    {//
//      type file//
//      file-name "root.cert"//
//    }/

Now, when I launch the consumer, it issues an interest, gets the data,
issues another interest to get the key
(/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but
ends up with an error:

/    Malformed certificate (Name does not follow the naming convention
for certificate). /

My question is now, is it how I'm supposed to do this? If yes, what's
the problem here? If not, is there any example tutorial, walking through
the all steps of managing trust in NDN (ndnsec, app, validator)?

Thanks in advance,

Michał

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20171016/3be7f17f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20171016/3be7f17f/attachment.sig>