<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>I looked a bit deeper in the code and I found the reason of the
      problem. <br>
    </p>
    <p>ndn-cxx is expecting "KEY" as the second component in the
      certificate name. However, my certificate name is:
      "/root/publisher/KEY/%AF%C7%D8y3%5De%06/%FD%00%00%01_D8%F1%A4", so
      "KEY" is the third component. </p>
    <p>When I changed the code to put "/root/" in the Interest instead
      of "/root/site1" it solved the problem and the signature is
      verified correctly. In future experiments I would like to
      implement a hierarchy of trust. Do you know what is the problem
      here?</p>
    <p>Best,</p>
    <p>Michał<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 17/10/17 10:49, Michał Król wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:d78599a8-d4de-1a20-0b2a-036d1566c8d8@ucl.ac.uk">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <p>Hi Matteo, <br>
      </p>
      <p>thanks for your message. It's just a formatting problem. For
        some reason my mail client decide to replace tabs with "/" and
        "?". There are not present in the files though. <br>
      </p>
      <p>I've seen your tutorial before. Actually, it was the only
        complete solution it could find online, so I was basing heavily
        on it. Thank you. My setup seems only slightly different, but I
        still can't make it work. <br>
      </p>
      <p>Best,</p>
      <p>Michał<br>
      </p>
      <p><br>
      </p>
      <br>
      <blockquote type="cite"
        cite="mid:EAB20BA3-4E53-44A8-8CF9-5C1DF292037F@ucl.ac.uk">
        <meta http-equiv="Content-Type" content="text/html;
          charset=utf-8">
        <br class="">
        <div style=""><br class="">
          <blockquote type="cite" class="">
            <div class="">Begin forwarded message:</div>
            <br class="Apple-interchange-newline">
            <div style="margin-top: 0px; margin-right: 0px;
              margin-bottom: 0px; margin-left: 0px;" class=""> <span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
                class=""><b class="">From: </b></span><span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif;" class="">Matteo Bertolino <<a
                  href="mailto:Matteo.Bertolino@eurecom.fr" class=""
                  moz-do-not-send="true">Matteo.Bertolino@eurecom.fr</a>><br
                  class="">
              </span></div>
            <div style="margin-top: 0px; margin-right: 0px;
              margin-bottom: 0px; margin-left: 0px;" class=""> <span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
                class=""><b class="">Subject: </b></span><span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif;" class=""><b class="">Re:
                  [Ndn-interest] Complete trust management from scratch
                  in ndn-cxx</b><br class="">
              </span></div>
            <div style="margin-top: 0px; margin-right: 0px;
              margin-bottom: 0px; margin-left: 0px;" class=""> <span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
                class=""><b class="">Date: </b></span><span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif;" class="">16 October 2017
                19:49:16 BST<br class="">
              </span></div>
            <div style="margin-top: 0px; margin-right: 0px;
              margin-bottom: 0px; margin-left: 0px;" class=""> <span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);"
                class=""><b class="">To: </b></span><span
                style="font-family: -webkit-system-font, Helvetica Neue,
                Helvetica, sans-serif;" class=""><<a
                  href="mailto:ndn-interest@lists.cs.ucla.edu" class=""
                  moz-do-not-send="true">ndn-interest@lists.cs.ucla.edu</a>><br
                  class="">
              </span></div>
            <br class="">
            <div class="">Hello,<br class="">
              why do you have the "//" in each line of the validator?<br
                class="">
              I am by phone so I cannot provide you easily a good
              answer, but you can find a completed and commented use
              case  here: <a
href="https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf"
                class="" moz-do-not-send="true">
https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf</a><br
                class="">
              <br class="">
              Section 3. Write me if u need some clarifications.<br
                class="">
              Matteo<br class="">
              <br class="">
              <br class="">
              Quoting Micha? Król <<a href="mailto:m.krol@ucl.ac.uk"
                class="" moz-do-not-send="true">m.krol@ucl.ac.uk</a>>:<br
                class="">
              <br class="">
              <blockquote type="cite" class="">Dear all,<br class="">
                <br class="">
                I'm struggling with setting up a simple trust/security
                system in NDN. I<br class="">
                find it difficult to find an updated set information
                that will work for<br class="">
                all system components. Please correct me if I
                misunderstood something.<br class="">
                <br class="">
                I have a very simple scenario: one producer and one
                consumer on one<br class="">
                machine. I want to have a central entity (root) and a
                publisher<br class="">
                (publisher) that will be allowed to publish trusted
                content.<br class="">
                <br class="">
                I first create the root certificate using ndnsec and
                selfsign it: /<br class="">
                /<br class="">
                <br class="">
                /    ndnsec-key-gen -n /root//<br class="">
                /<br class="">
                <br class="">
                /    ndnsec-sign-req /root > root.cert/<br class="">
                <br class="">
                Next I create a certificate for the publisher and sign
                it using the root<br class="">
                certificate:<br class="">
                <br class="">
                /   ndnsec-key-gen -n /root/publisher >
                unsigned_publisher.cert//<br class="">
                //   ndnsec-cert-gen -S 201510080000 -E 202010080000  -s
                /root -i<br class="">
                /root/publisher -r unsigned_publisher.cert  >
                publisher.cert/<br class="">
                <br class="">
                <br class="">
                I then used the publisher identity to sign the data:<br
                  class="">
                <br class="">
                /    m_ident =
                m_keyChain.createIdentity(Name("/root/publisher"));//<br
                  class="">
                //    m_info = ndn::security::SigningInfo(m_ident);/<br
                  class="">
                <br class="">
                /    m_keyChain.sign(*data, m_info);/<br class="">
                <br class="">
                On the consumer side I use a validator to validate data:<br
                  class="">
                <br class="">
                /    m_validator->load("sample.cfg");/<br class="">
                <br class="">
                /    m_validator->validate (data,//<br class="">
                //            ndn::bind(&Consumer::onValidated,
                this, _1),//<br class="">
                //           
                ndn::bind(&Consumer::onValidationFailed, this, _1,
                _2));/<br class="">
                <br class="">
                <br class="">
                I want to trust everything signed with the publishers
                key. The<br class="">
                sample.cfg is:<br class="">
                <br class="">
                /    rule//<br class="">
                //    {//<br class="">
                //      id "Sample Rule"//<br class="">
                //      for data//<br class="">
                //      filter//<br class="">
                //      {//<br class="">
                //        type name//<br class="">
                //        name /root/publisher//<br class="">
                //        relation is-prefix-of//<br class="">
                //      }//<br class="">
                //      checker//<br class="">
                //      {//<br class="">
                //        type hierarchical//<br class="">
                //        sig-type rsa-sha256//<br class="">
                //      }//<br class="">
                //    }//<br class="">
                //<br class="">
                //    trust-anchor//<br class="">
                //    {//<br class="">
                //      type file//<br class="">
                //      file-name "root.cert"//<br class="">
                //    }/<br class="">
                <br class="">
                <br class="">
                Now, when I launch the consumer, it issues an interest,
                gets the data,<br class="">
                issues another interest to get the key<br class="">
(/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but<br
                  class="">
                ends up with an error:<br class="">
                <br class="">
                /    Malformed certificate (Name does not follow the
                naming convention<br class="">
                for certificate). /<br class="">
                <br class="">
                <br class="">
                My question is now, is it how I'm supposed to do this?
                If yes, what's<br class="">
                the problem here? If not, is there any example tutorial,
                walking through<br class="">
                the all steps of managing trust in NDN (ndnsec, app,
                validator)?<br class="">
                <br class="">
                Thanks in advance,<br class="">
                <br class="">
                Micha?<br class="">
                <br class="">
                <br class="">
              </blockquote>
              <br class="">
              <br class="">
              <br class="">
-------------------------------------------------------------------------------<br
                class="">
              This message was sent using EURECOM Webmail: <a
                href="http://webmail.eurecom.fr" class=""
                moz-do-not-send="true"> http://webmail.eurecom.fr</a><br
                class="">
              <br class="">
              _______________________________________________<br
                class="">
              Ndn-interest mailing list<br class="">
              <a href="mailto:Ndn-interest@lists.cs.ucla.edu" class=""
                moz-do-not-send="true">Ndn-interest@lists.cs.ucla.edu</a><br
                class="">
              <a class="moz-txt-link-freetext"
                href="http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest"
                moz-do-not-send="true">http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest</a><br
                class="">
            </div>
          </blockquote>
        </div>
        <br class="">
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>