[Nfd-dev] certificate for interacting with NDN testbed
Nikos Fotiou
fotiou at aueb.gr
Fri Jun 3 15:13:21 PDT 2022
Yeap that fixed it! Everything works now. Thank you all!
Best,
Nikos
From: Junxiao Shi <shijunxiao at email.arizona.edu>
Sent: Saturday, June 4, 2022 12:58 AM
To: Nikos Fotiou <fotiou at aueb.gr>
Cc: Dehart, John <jdd at wustl.edu>; nfd-dev at lists.cs.ucla.edu; ucla_operator <tianyuan at cs.ucla.edu>
Subject: Re: [Nfd-dev] certificate for interacting with NDN testbed
Hi Nikos
Prefix propagation feature uses the default certificate of an identity to sign the commands.
Currently your default certificate is a self signed certificate:
/ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/self/v=1654290874758
You need to set the obtained certificate as the default:
/ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/NDNCERT/v=1654290901284
You may change the default with `ndnsec set-default` command.
Also, don't forget to serve the certificates with ndn6-serve-certs.
You can export your own certificate with:
ndnsec cert-dump /ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/NDNCERT/v=1654290901284 > 0.ndncert
You can retrieve an intermediate certificate with:
ndnpeek -Pf /ndn/gr/edu/mmlab1/KEY/%F7%9C%E4%D3gL%A2%21 | base64 > 1.ndncert
Right after you retrieve those certificates, they will be in the router cache so that your end host won't be asked for them.
However, serving them locally would become useful when you attempt to connect to a different router.
Yours, Junxiao
On Fri, Jun 3, 2022 at 17:36 Nikos Fotiou via Nfd-dev <nfd-dev at lists.cs.ucla.edu <mailto:nfd-dev at lists.cs.ucla.edu> > wrote:
Nevertheless, when I advertise the prefix now I receive:
“failure authorization rejected”
This is the output of ndnsec-list -vvv
/ndn/gr/edu/mmlab1/aueb/second22
+->* /ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84
+->* /ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/self/v=1654290874758
Certificate Name:
/ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/self/v=1654290874758
Public Key:
Key Type: 256-bit EC
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEn/rAURbPdsUqj/7u6xN05O81A6Jt
yWrcljlhxzLrVP+WC5cniRGg22rzREDRL1GTXWd5LM1PVoI640Ix2cUEXA==
Validity:
Not Before: 2022-06-03T21:14:34
Not After: 2042-05-29T21:14:34
Signature Information:
Signature Type: SignatureSha256WithEcdsa
Key Locator: Name=/ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84
Self-Signed: yes
+-> /ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/NDNCERT/v=1654290901284
Certificate Name:
/ndn/gr/edu/mmlab1/aueb/second22/KEY/%A3%F3%F7%8F%20%077%84/NDNCERT/v=1654290901284
Public Key:
Key Type: 256-bit EC
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEn/rAURbPdsUqj/7u6xN05O81A6Jt
yWrcljlhxzLrVP+WC5cniRGg22rzREDRL1GTXWd5LM1PVoI640Ix2cUEXA==
Validity:
Not Before: 2022-06-03T21:14:35
Not After: 2022-06-18T21:14:34
Signature Information:
Signature Type: SignatureSha256WithEcdsa
Key Locator: Name=/ndn/gr/edu/mmlab1/KEY/%F7%9C%E4%D3gL%A2%21
* /localhost/operator
+->* /localhost/operator/KEY/%0EC%3B%C8%B0%98%1D%06
+->* /localhost/operator/KEY/%0EC%3B%C8%B0%98%1D%06/self/v=1654289508625
Certificate Name:
/localhost/operator/KEY/%0EC%3B%C8%B0%98%1D%06/self/v=1654289508625
Public Key:
Key Type: 256-bit EC
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES6VWBfgXdEeWxs0j1JYsbfTmouzv
47cndijW+SGal49O6YfVWEO9+1XToummsWZPTAPUib7mgK2mtzBiaCpiRA==
Validity:
Not Before: 2022-06-03T20:51:48
Not After: 2042-05-29T20:51:48
Signature Information:
Signature Type: SignatureSha256WithEcdsa
Key Locator: Name=/localhost/operator/KEY/%0EC%3B%C8%B0%98%1D%06
Self-Signed: yes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20220604/76956edb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6501 bytes
Desc: not available
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20220604/76956edb/attachment-0001.p7s>
More information about the Nfd-dev
mailing list