[Ndn-interest] Complete trust management from scratch in ndn-cxx
Pedro de las Heras Quirós
pheras at gmail.com
Fri Oct 27 02:06:43 PDT 2017
Dear Michal,
Hope this helps:
https://github.com/evaCastro/ndn-signed-data
Salud,
Pedro de las Heras Quirós
On Mon, Oct 16, 2017 at 4:49 PM, Michał Król <m.krol at ucl.ac.uk> wrote:
> Dear all,
>
> I'm struggling with setting up a simple trust/security system in NDN. I
> find it difficult to find an updated set of information that will work for
> all system components. Please correct me if I misunderstood something.
>
> I have a very simple scenario: one producer and one consumer on one
> machine. I want to have a central entity (root) and a publisher (publisher)
> that will be allowed to publish trusted content.
>
> I first create the root certificate using ndnsec and self-sign it:
>
>     ndnsec-key-gen -n /root
>
>     ndnsec-sign-req /root > root.cert
>
> Next I create a certificate for the publisher and sign it using the root
> certificate:
>
>     ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert
>     ndnsec-cert-gen -S 201510080000 -E 202010080000 -s /root -i /root/publisher -r unsigned_publisher.cert > publisher.cert
>
>
> I then used the publisher identity to sign the data:
>
>     m_ident = m_keyChain.createIdentity(Name("/root/publisher"));
>     m_info = ndn::security::SigningInfo(m_ident);
>
>     m_keyChain.sign(*data, m_info);
>
> On the consumer side I use a validator to validate data:
>
>     m_validator->load("sample.cfg");
>
>     m_validator->validate(data,
>                           ndn::bind(&Consumer::onValidated, this, _1),
>                           ndn::bind(&Consumer::onValidationFailed, this, _1, _2));
>
>
> I want to trust everything signed with the publishers key. The sample.cfg
> is:
>
>     rule
>     {
>       id "Sample Rule"
>       for data
>       filter
>       {
>         type name
>         name /root/publisher
>         relation is-prefix-of
>       }
>       checker
>       {
>         type hierarchical
>         sig-type rsa-sha256
>       }
>     }
>
>     trust-anchor
>     {
>       type file
>       file-name "root.cert"
>     }
>
> Now, when I launch the consumer, it issues an interest, gets the data,
> issues another interest to get the key
> (/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80),
> but ends up with an error:
>
>     Malformed certificate (Name does not follow the naming convention for certificate).
>
>
> My question now is: is this how I'm supposed to do this? If yes, what's the
> problem here? If not, is there any example tutorial walking through all
> the steps of managing trust in NDN (ndnsec, app, validator)?
>
> Thanks in advance,
>
> Michał