<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I looked a bit deeper into the code and I found the reason for the
problem. <br>
</p>
<p>ndn-cxx is expecting "KEY" as the second component in the
certificate name. However, my certificate name is:
"/root/publisher/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_D8%F1%A4", so
"KEY" is the third component. </p>
<p>When I changed the code to put "/root/" in the Interest instead
of "/root/site1" it solved the problem and the signature is
verified correctly. In future experiments I would like to
implement a hierarchy of trust. Do you know what the problem is
here?</p>
<p>Best,</p>
<p>Michał<br>
</p>
<br>
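<p>Added example, not part of the original message and not ndn-cxx code: a stand-alone C++ check that assumes the certificate name layout /&lt;identity&gt;/KEY/&lt;key-id&gt;/&lt;issuer-id&gt;/&lt;version&gt;, where KEY is the fourth component from the end (for a five-component name, that is the second component). The layout, the helper names and the "NA" issuer-id are assumptions of this example.</p>

```cpp
#include <iostream>
#include <string>
#include <vector>

// Name from the message above (five components, no issuer-id component).
const std::string THREAD_NAME =
    "/root/publisher/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_D8%F1%A4";
// Constructed for this example: same name with a placeholder issuer-id "NA".
const std::string WITH_ISSUER_ID =
    "/root/publisher/KEY/%AF%C7%D8y3%5De%06/NA/%FD%00%00%01_D8%F1%A4";

// Split a name URI on '/'. Percent-escapes stay encoded, so an escaped
// slash (%2F) inside a component is not mistaken for a separator.
std::vector<std::string> splitName(const std::string& uri) {
    std::vector<std::string> comps;
    std::string cur;
    for (char c : uri + "/") {
        if (c != '/') { cur += c; continue; }
        if (!cur.empty()) comps.push_back(cur);
        cur.clear();
    }
    return comps;
}

// 0-based position of the first "KEY" component, or -1 if there is none.
int keyIndex(const std::vector<std::string>& comps) {
    for (std::size_t i = 0; i < comps.size(); ++i)
        if (comps[i] == "KEY") return static_cast<int>(i);
    return -1;
}

// Assumed layout: KEY is the fourth component from the end
// (/<identity>/KEY/<key-id>/<issuer-id>/<version>); -1 if the name is too short.
int expectedKeyIndex(const std::vector<std::string>& comps) {
    return comps.size() >= 4 ? static_cast<int>(comps.size()) - 4 : -1;
}

// True when the component at the expected position is the literal "KEY".
bool followsCertNaming(const std::string& uri) {
    const auto comps = splitName(uri);
    const int at = expectedKeyIndex(comps);
    return at >= 0 && comps[at] == "KEY";
}

int main() {
    for (const auto& n : {THREAD_NAME, WITH_ISSUER_ID}) {
        const auto c = splitName(n);
        std::cout << n << "\n  KEY at index " << keyIndex(c) << ", expected at "
                  << expectedKeyIndex(c) << (followsCertNaming(n) ? " -> ok\n" : " -> malformed\n");
    }
}
```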
<div class="moz-cite-prefix">On 17/10/17 10:49, Michał Król wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d78599a8-d4de-1a20-0b2a-036d1566c8d8@ucl.ac.uk">
<p>Hi Matteo, <br>
</p>
<p>thanks for your message. It's just a formatting problem. For
some reason my mail client decided to replace tabs with "/" and
"?". They are not present in the files though. <br>
</p>
<p>I've seen your tutorial before. Actually, it was the only
complete solution I could find online, so I was basing heavily
on it. Thank you. My setup seems only slightly different, but I
still can't make it work. <br>
</p>
<p>Best,</p>
<p>Michał<br>
</p>
<p><br>
</p>
<br>
<blockquote type="cite"
cite="mid:EAB20BA3-4E53-44A8-8CF9-5C1DF292037F@ucl.ac.uk">
<br class="">
<div style=""><br class="">
<blockquote type="cite" class="">
<div class="">Begin forwarded message:</div>
<br class="Apple-interchange-newline">
<div style="margin-top: 0px; margin-right: 0px;
margin-bottom: 0px; margin-left: 0px;" class=""> <span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
class=""><b class="">From: </b></span><span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class="">Matteo Bertolino &lt;<a
href="mailto:Matteo.Bertolino@eurecom.fr" class=""
moz-do-not-send="true">Matteo.Bertolino@eurecom.fr</a>&gt;<br
class="">
</span></div>
<div style="margin-top: 0px; margin-right: 0px;
margin-bottom: 0px; margin-left: 0px;" class=""> <span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
class=""><b class="">Subject: </b></span><span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class=""><b class="">Re:
[Ndn-interest] Complete trust management from scratch
in ndn-cxx</b><br class="">
</span></div>
<div style="margin-top: 0px; margin-right: 0px;
margin-bottom: 0px; margin-left: 0px;" class=""> <span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
class=""><b class="">Date: </b></span><span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class="">16 October 2017
19:49:16 BST<br class="">
</span></div>
<div style="margin-top: 0px; margin-right: 0px;
margin-bottom: 0px; margin-left: 0px;" class=""> <span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
class=""><b class="">To: </b></span><span
style="font-family: -webkit-system-font, Helvetica Neue,
Helvetica, sans-serif;" class="">&lt;<a
href="mailto:ndn-interest@lists.cs.ucla.edu" class=""
moz-do-not-send="true">ndn-interest@lists.cs.ucla.edu</a>&gt;<br
class="">
</span></div>
<br class="">
<div class="">Hello,<br class="">
why do you have the "//" in each line of the validator?<br
class="">
I am by phone so I cannot provide you easily a good
answer, but you can find a completed and commented use
case here: <a
href="https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf"
class="" moz-do-not-send="true">
https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf</a><br
class="">
<br class="">
Section 3. Write me if you need some clarifications.<br
class="">
Matteo<br class="">
<br class="">
<br class="">
Quoting Michał Król &lt;<a href="mailto:m.krol@ucl.ac.uk"
class="" moz-do-not-send="true">m.krol@ucl.ac.uk</a>&gt;:<br
class="">
<br class="">
<blockquote type="cite" class="">Dear all,<br class="">
<br class="">
I'm struggling with setting up a simple trust/security
system in NDN. I<br class="">
find it difficult to find an updated set of information
that will work for<br class="">
all system components. Please correct me if I
misunderstood something.<br class="">
<br class="">
I have a very simple scenario: one producer and one
consumer on one<br class="">
machine. I want to have a central entity (root) and a
publisher<br class="">
(publisher) that will be allowed to publish trusted
content.<br class="">
<br class="">
I first create the root certificate using ndnsec and
self-sign it: /<br class="">
/<br class="">
<br class="">
/ ndnsec-key-gen -n /root//<br class="">
/<br class="">
<br class="">
/ ndnsec-sign-req /root > root.cert/<br class="">
<br class="">
Next I create a certificate for the publisher and sign
it using the root<br class="">
certificate:<br class="">
<br class="">
/ ndnsec-key-gen -n /root/publisher >
unsigned_publisher.cert//<br class="">
// ndnsec-cert-gen -S 201510080000 -E 202010080000 -s
/root -i<br class="">
/root/publisher -r unsigned_publisher.cert >
publisher.cert/<br class="">
<br class="">
<br class="">
I then used the publisher identity to sign the data:<br
class="">
<br class="">
/ m_ident =
m_keyChain.createIdentity(Name("/root/publisher"));//<br
class="">
// m_info = ndn::security::SigningInfo(m_ident);/<br
class="">
<br class="">
/ m_keyChain.sign(*data, m_info);/<br class="">
<br class="">
On the consumer side I use a validator to validate data:<br
class="">
<br class="">
/ m_validator->load("sample.cfg");/<br class="">
<br class="">
/ m_validator->validate (data,//<br class="">
// ndn::bind(&Consumer::onValidated,
this, _1),//<br class="">
//
ndn::bind(&Consumer::onValidationFailed, this, _1,
_2));/<br class="">
<br class="">
<br class="">
I want to trust everything signed with the publisher's
key. The<br class="">
sample.cfg is:<br class="">
<br class="">
/ rule//<br class="">
// {//<br class="">
// id "Sample Rule"//<br class="">
// for data//<br class="">
// filter//<br class="">
// {//<br class="">
// type name//<br class="">
// name /root/publisher//<br class="">
// relation is-prefix-of//<br class="">
// }//<br class="">
// checker//<br class="">
// {//<br class="">
// type hierarchical//<br class="">
// sig-type rsa-sha256//<br class="">
// }//<br class="">
// }//<br class="">
//<br class="">
// trust-anchor//<br class="">
// {//<br class="">
// type file//<br class="">
// file-name "root.cert"//<br class="">
// }/<br class="">
<br class="">
<br class="">
Now, when I launch the consumer, it issues an interest,
gets the data,<br class="">
issues another interest to get the key<br class="">
(/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but<br
class="">
ends up with an error:<br class="">
<br class="">
/ Malformed certificate (Name does not follow the
naming convention<br class="">
for certificate). /<br class="">
<br class="">
<br class="">
My question is now, is this how I'm supposed to do this?
If yes, what's<br class="">
the problem here? If not, is there any example tutorial,
walking through<br class="">
all the steps of managing trust in NDN (ndnsec, app,
validator)?<br class="">
<br class="">
Thanks in advance,<br class="">
<br class="">
Michał<br class="">
<br class="">
<br class="">
</blockquote>
<br class="">
<br class="">
<br class="">
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>