[Nfd-dev] [EXT] Signature Verification on NFD for NDN-Packet

Junxiao Shi shijunxiao at email.arizona.edu
Fri Dec 4 10:41:29 PST 2020


Hi Susmit

ndn-cxx KeyChain is incapable of holding certificates that do not have
corresponding private keys.
If all the certificates are known and available locally as files, you can
load them into a *Validator*, and no network request would occur.

If you have both private keys and certificates, you can access NFD's
KeyChain by setting the HOME environment variable and sudo as the proper user.
See https://yoursunny.com/t/2016/nfd-prefix/ "where's the keychain" section.

Yours, Junxiao

On Fri, Dec 4, 2020 at 12:07 PM Susmit Shannigrahi <sshannigrahi at tntech.edu>
wrote:

> Hi Junxiao,
>
> I think another way Davide suggested is to import the keys (cert-dump and
> import) into the machine where the forwarder is (we have access to all the
> nodes).
>
> Then the question becomes how to access the default keychain from inside
> the forwarder.
>
> Susmit
>
>
> On 12/4/20 11:01 AM, Junxiao Shi via Nfd-dev wrote:
>
> Hi Monikrishna
>
> The forwarder needs to retrieve the producer's certificate before they can
> validate the signature.
> Certificate retrieval is asynchronous because it relies on Interest-Data
> exchange.
>
> You can pass the Data packet that requires validation to a separate thread
> in the forwarder, retrieve certificate and perform validation there, and
> pass the Data packet and validation result back to the forwarding thread
> for re-processing.
>
> Yours, Junxiao
>
> On Tue, Nov 3, 2020, 11:28 Monikrishna Roy via Nfd-dev <
> nfd-dev at lists.cs.ucla.edu> wrote:
>
>> Hello Folks,
>>
>> I want to use signature verification for data packet verification. I
>> used the #include <ndn-cxx/security/verification-helpers.hpp> header
>> file to do that.
>> The task I want to do is:
>>
>>
>>    1. Set signature to data at Producer of NDN
>>    2. Passing the data to NFD
>>    3. Check the Signature at NFD-Forwarder on the onIncomingData method.
>>
>> The problem I am facing is:
>>
>>
>>    1. When I want to get the public key for data, I am not able to get
>>    the NDN public key.
>>    2. It's always generating a new public key.
>>
>> I used the Producer of NDN-CXX to publish data.
>>
>> Snippets of the codes:
>>
>> For the Producer,
>>
>>
>>   for (const auto& data : m_store) {
>>     m_keyChain.sign(*data, m_options.signingInfo);
>>   }
>>
>>
>> For NFD-Forwarder,
>>
>>   ndn::KeyChain keyChain;
>>   auto pubkey = keyChain.getPib().getDefaultIdentity().getDefaultKey();
>>   bool res = ndn::security::verifySignature(data, pubkey);
>>
>>
>> Here, the public keys for the two keyChains are different. I need to use the
>> same public key for both. How can I use the public key of the Producer in
>> the NFD-forwarder?
>>
>> Any suggestions will be very helpful. Thanks in advance.
>>
>> Best Regards,
>> Monikrishna Roy
>> _______________________________________________
>> Nfd-dev mailing list
>> Nfd-dev at lists.cs.ucla.edu
>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>>
>
>
> --
> Susmit Shannigrahi
> Assistant Professor of Computer Science
> Tennessee Tech University
> Web: https://susm.it
>
>
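
The reply at the top of this thread suggests loading locally available certificates into a Validator so that no network request occurs. One way to express that with an ndn-cxx ValidatorConfig file is sketched below. It is an added example, not part of the thread: the Data prefix /example/app, the producer identity /example/producer, the ECDSA key type and the file name producer.ndncert are all constructed assumptions.

```conf
; Added example with constructed names; not configuration from the thread.
; The producer's certificate is pinned as a static trust anchor, so a Data
; packet signed directly by that key validates without any Interest-Data
; exchange to retrieve a certificate.

rule
{
  id "data-from-pinned-producer"
  for data
  filter
  {
    type name
    name /example/app             ; assumed prefix of the Data to be checked
    relation is-prefix-of
  }
  checker
  {
    type customized
    sig-type ecdsa-sha256         ; assumption: the producer key is ECDSA
    key-locator
    {
      type name
      name /example/producer      ; assumed producer identity
      relation is-prefix-of       ; accepts that identity's key or certificate name
    }
  }
}

trust-anchor
{
  type file
  ; Certificate file copied from the producer host (ndnsec cert-dump output).
  ; A relative path is resolved against this config file's directory.
  file-name "producer.ndncert"
}
```

Data whose name falls under the filter but whose KeyLocator is outside /example/producer is rejected by the checker, and a packet signed by a key other than the pinned anchor fails validation instead of being checked against the forwarder's own default key.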