<div dir="ltr"><div>Hi Susmit</div><div><br></div><div>ndn-cxx KeyChain is incapable for holding certificates that do not have corresponding private keys.</div><div>If all the certificates are known and available locally as files, you can load them into a <b>Validator</b>, and no network request would occur.</div><div><br></div><div>If you have both private keys and certificates, you can access NFD's KeyChain by setting HOME environment variable and sudo as the proper user.</div><div>See <a href="https://yoursunny.com/t/2016/nfd-prefix/">https://yoursunny.com/t/2016/nfd-prefix/</a> "where's the keychain" section.</div><div><br></div><div>Yours, Junxiao</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 4, 2020 at 12:07 PM Susmit Shannigrahi <<a href="mailto:sshannigrahi@tntech.edu">sshannigrahi@tntech.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><p style="text-align:center"><font color="red"><strong>External Email</strong><br></font></p>
<p>Hi Junxiao,</p>
<p><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">I think another way
Davide suggested is to import the keys (cert-dump and import)
into the machine where the forwarder is (we have access to all
the nodes).<br>
</font></span></p>
<p><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">Then the question
becomes how to access the default keychain from inside the
forwarder.</font></span></p>
<p><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">Susmit<br>
</font></span></p>
<p><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></p>
<div>On 12/4/20 11:01 AM, Junxiao Shi via
Nfd-dev wrote:<br>
</div>
<blockquote type="cite">
<p style="text-align:center;background:white;margin:0px" align="center"><b><span style="font-size:12pt;color:red;background:white;font-family:Calibri,sans-serif">External Email
Warning</span></b></p>
<p style="text-align:center;background:white;margin:0px 12pt" align="center"><b><span style="font-size:12pt;color:red;font-family:Calibri,sans-serif">This
email originated from outside the university. Please use
caution when opening attachments, clicking links, or
responding to requests.</span></b><span style="font-size:12pt"></span></p>
<hr>
<div>
<div dir="auto">
<div>Hi Monokrishna</div>
<div dir="auto"><br>
</div>
<div dir="auto">The forwarder needs to retrieve the producer's
certificate before they can validate the signature.</div>
<div dir="auto">Certificate retrieval is asynchronous because
it relies on Interest-Data exchange.</div>
<div dir="auto"><br>
</div>
<div dir="auto">You can pass the Data packet that requires
validation to a separate thread in the forwarder, retrieve
certificate and perform validation there, and pass the Data
packet and validation result back to the forwarding thread
for re-processing.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Yours, Junxiao<br>
<br>
<div class="gmail_quote" dir="auto">
<div dir="ltr" class="gmail_attr">On Tue, Nov 3, 2020,
11:28 Monikrishna Roy via Nfd-dev <<a href="mailto:nfd-dev@lists.cs.ucla.edu" target="_blank">nfd-dev@lists.cs.ucla.edu</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<p style="text-align:center"><font color="red"><strong>External
Email</strong><br>
</font></p>
<div dir="ltr"><font face="arial, sans-serif" color="#000000">Hello Folks,</font>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">I want
to use signature verification f</font></span>or
data packet verification<span style="color:rgb(0,0,0);font-family:arial,sans-serif">.
I used </span><span style="color:rgb(0,0,0);font-family:arial,sans-serif"> </span><i style="color:rgb(0,0,0);font-family:arial,sans-serif"><span style="font-size:14px;white-space:pre-wrap">#include</span><span style="font-size:14px;white-space:pre-wrap">
</span><span style="font-size:14px;white-space:pre-wrap"><ndn-cxx/security/verification-helpers.</span></i><span style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:14px;white-space:pre-wrap"><i>hpp></i> header file to do that.</span></div>
<div><font face="arial, sans-serif" color="#000000"><span style="font-size:14px;white-space:pre-wrap;background-color:rgb(255,255,255)">
</span></font></div>
<div><font face="arial, sans-serif" color="#000000"><span style="font-size:14px;white-space:pre-wrap;background-color:rgb(255,255,255)">The task I want to do is:</span></font></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<ol>
<li><font face="arial, sans-serif" color="#000000"><span style="font-size:14px;white-space:pre-wrap;background-color:rgb(255,255,255)">Set signature to data at Producer of NDN</span></font></li>
<li><font face="arial, sans-serif" color="#000000"><span style="font-size:14px;white-space:pre-wrap;background-color:rgb(255,255,255)">Passing the data to NFD</span></font></li>
<li><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><span style="font-size:14px;white-space:pre-wrap">Check the Signature at NFD-Forwarder on the onIncomingData</span> method.</font></span></li>
</ol>
</blockquote>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">The
problem I am facing is:</font></span></div>
<div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<ol>
<li><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">When
I want to get the public key for data I
could not able to get the NDN public
key.</font></span></li>
<li><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">It's
always generating a new public key.</font></span></li>
</ol>
</div>
</blockquote>
<span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">I used
the Producer of NDN-CXX to publishing data.</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">Snippets of
the codes:</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">For
the Producer,</font></span></div>
</blockquote>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">for
(const auto& data : m_store) {<br>
m_keyChain.sign(*data,
m_options.signingInfo);<br>
}</font></span></blockquote>
</blockquote>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">For
NFD-Forwarder,</font></span></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">
ndn::KeyChain keyChain;<br>
auto pubkey =
keyChain.getPib().getDefaultIdentity().getDefaultKey();<br>
bool res =
ndn::security::verifySignature(data, pubkey);<br>
</font></span></blockquote>
</blockquote>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">Here,
the public key for both keyChain is differents.
I need to use the same public key for both. How
can I use the public key of Producer in
NFD-forwarder?</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000"><br>
</font></span></div>
<div><span style="background-color:rgb(255,255,255)"><font face="arial, sans-serif" color="#000000">Any
suggestions will be very helpful. Thanks in
advance.</font></span></div>
<div><br clear="all">
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font face="arial, sans-serif">Best
Regards,</font>
<div><font face="arial,
sans-serif">Monikrishna
Roy</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
Nfd-dev mailing list<br>
<a href="mailto:Nfd-dev@lists.cs.ucla.edu" rel="noreferrer" target="_blank">Nfd-dev@lists.cs.ucla.edu</a><br>
<a href="http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev" rel="noreferrer noreferrer" target="_blank">http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev</a><br>
</blockquote>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Nfd-dev mailing list
<a href="mailto:Nfd-dev@lists.cs.ucla.edu" target="_blank">Nfd-dev@lists.cs.ucla.edu</a>
<a href="http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev" target="_blank">http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev</a>
</pre>
</blockquote>
<pre cols="72">--
--
Susmit Shannigrahi
Assistant Professor of Computer Science
Tennessee Tech University
Web: <a href="https://susm.it" target="_blank">https://susm.it</a></pre>
</div>
</blockquote></div></div>