[Ndn-interest] Complete trust management from scratch in ndn-cxx

Pedro de las Heras Quirós pheras at gmail.com
Fri Oct 27 02:06:43 PDT 2017


Dear Michal,

Hope this helps:
https://github.com/evaCastro/ndn-signed-data

Salud,
Pedro de las Heras Quirós



On Mon, Oct 16, 2017 at 4:49 PM, Michał Król <m.krol at ucl.ac.uk> wrote:

> Dear all,
>
> I'm struggling with setting up a simple trust/security system in NDN. I
> find it difficult to find an updated set of information that will work for all
> system components. Please correct me if I misunderstood something.
>
> I have a very simple scenario: one producer and one consumer on one
> machine. I want to have a central entity (root) and a publisher (publisher)
> that will be allowed to publish trusted content.
>
> I first create the root certificate using ndnsec and self-sign it:
>
>     ndnsec-key-gen -n /root
>
>     ndnsec-sign-req /root > root.cert
>
> Next I create a certificate for the publisher and sign it using the root
> certificate:
>
>     ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert
>     ndnsec-cert-gen -S 201510080000 -E 202010080000  -s /root -i /root/publisher -r unsigned_publisher.cert  > publisher.cert
>
>
> I then used the publisher identity to sign the data:
>
>     m_ident = m_keyChain.createIdentity(Name("/root/publisher"));
>     m_info = ndn::security::SigningInfo(m_ident);
>
>     m_keyChain.sign(*data, m_info);
>
> On the consumer side I use a validator to validate data:
>
>     m_validator->load("sample.cfg");
>
>     m_validator->validate (data,
>             ndn::bind(&Consumer::onValidated, this, _1),
>             ndn::bind(&Consumer::onValidationFailed, this, _1, _2));
>
>
> I want to trust everything signed with the publisher's key. The sample.cfg
> is:
>
>     rule
>     {
>       id "Sample Rule"
>       for data
>       filter
>       {
>         type name
>         name /root/publisher
>         relation is-prefix-of
>       }
>       checker
>       {
>         type hierarchical
>         sig-type rsa-sha256
>       }
>     }
>
>     trust-anchor
>     {
>       type file
>       file-name "root.cert"
>     }
>
> Now, when I launch the consumer, it issues an interest, gets the data,
> issues another interest to get the key
> (/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but ends
> up with an error:
>
>     Malformed certificate (Name does not follow the naming convention for certificate).
>
>
> My question is now, is this how I'm supposed to do this? If yes, what's the
> problem here? If not, is there any example tutorial, walking through
> all the steps of managing trust in NDN (ndnsec, app, validator)?
>
> Thanks in advance,
>
> Michał
>
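
Added example, not part of either message and not ndn-cxx code: a stand-alone C++ check of the NDN version 2 certificate naming convention, `/<identity>/KEY/<key-id>/<issuer-id>/<version>`, applied to the name quoted in the question and to a constructed name that carries an issuer-id component. The helper names, the `NA` issuer value and the simplified prefix test standing in for the `hierarchical` checker are assumptions made for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

using Name = std::vector<std::string>;

// Split an NDN URI into components. Percent-escapes are left untouched:
// only the component count and the literal "KEY" marker matter here.
Name splitName(const std::string& uri) {
  Name comps;
  std::istringstream in(uri);
  std::string c;
  while (std::getline(in, c, '/'))
    if (!c.empty()) comps.push_back(c);
  return comps;
}

// Version 2 convention: "KEY" is the fourth component from the end.
bool isV2CertName(const Name& n) {
  return n.size() >= 4 && n[n.size() - 4] == "KEY";
}

// Identity = components before "KEY"; empty if the name is not a v2 cert name.
Name identityOf(const Name& n) {
  return isV2CertName(n) ? Name(n.begin(), n.end() - 4) : Name{};
}

// Simplified hierarchical relation: signer identity is a prefix of the packet name.
bool hierarchicalOk(const std::string& certUri, const std::string& packetUri) {
  const Name cert = splitName(certUri), pkt = splitName(packetUri);
  if (!isV2CertName(cert)) return false;
  const Name id = identityOf(cert);
  return id.size() <= pkt.size() && std::equal(id.begin(), id.end(), pkt.begin());
}

// Name quoted in the question, and a constructed variant with an issuer-id.
const std::string QUOTED = "/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80";
const std::string CONSTRUCTED = "/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/NA/%FD%00%00%01_%25%8Bz%80";

int main() {
  for (const auto& uri : {QUOTED, CONSTRUCTED})
    std::cout << uri << " -> v2 cert name: " << std::boolalpha
              << isV2CertName(splitName(uri)) << "\n";
  std::cout << "hierarchical vs /root/publisher/data/1: "
            << hierarchicalOk(CONSTRUCTED, "/root/publisher/data/1") << "\n";
}
```

The quoted name has only two components after `KEY`, so it fails the name check before any signature is examined.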