[Ndn-interest] How to use repo-ng?

Matteo Bertolino Matteo.Bertolino at eurecom.fr
Mon Oct 3 02:42:40 PDT 2016


Good morning community,
I would like to exploit repo-ng in order to distribute certificates.

I tried, but I failed and I do not understand how to do it.

Supposing a topology in which I have a consumer, a producer and a root
authority. The root authority signs the certificate of the producer,
the consumer trusts the root authority. Suppose that the same node
of the root authority also distributes the certificates. Consumer asks
for /root/site1 data, p announced /root/site1 and r announced /root/KEY.

Without repo and with an app publisher it works fine.

My steps are:

//Generation of the certification chain
At the end, the root has the certificate of the producer
"site1.ndncert" and its own (root.ndncert).

//Modify repo-ng.conf
Actually I have no idea how to do it. I just modified the prefixes to
"/root/KEY", and I put the config file in the /usr/local/etc/ndn and
/etc/ndn folders. I attached it.

//Put the certificate
I put the certificate site1.ndncert in the root folder and publisher folder.

//Publish the certificate:
r /home/bertolino/Desktop/miniNDN/mini-ndn/repo-ng/build/ndn-repo-ng &
(where r is the root authority node)

r base64 -d site1.ndncert | nc localhost 7376

Then, r receives the request for the interest /root/KEY/site1 etc but  
it is not able to satisfy it.
In particular:
Sending /root/site1?ndn.MustBeFresh=1&ndn.InterestLifetime=1000
failedCannot fetch cert: /root/KEY/site1/ksk-1475484935283/ID-CERT

Any help is particularly appreciated,
Thank you very much,
Yours Matteo



-------------- next part --------------
repo
{
  ; Section defining list of Data prefixes to register
  ; Only 'prefix' option is allowed here, which can be repeated multiple times
  data
  {
    prefix "ndn:/root/KEY"
  }

  ; Section defining list of command prefixes (to insert or delete Data) to register.
  ; Only 'prefix' option is allowed here, which can be repeated multiple times
  command
  {
    prefix "ndn:/root/KEY"
    prefix "ndn:/root/KEY"
  }

  ; Section to specify where data should be stored
  ; Right now only a single 'sqlite' option is allowed:
  storage
  {
    method "sqlite"             ; Currently, only sqlite storage engine is supported
    path "/var/db/ndn-repo-ng"  ; path to repo-ng storage folder
    max-packets 100000
  }

  ; Section to enable TCP bulk insert capability
  ; If section is present, then TCP bulk insert is enabled (empty section enables
  ; TCP bulk insert to listen on "localhost:7376")
  tcp_bulk_insert {
    ; host "localhost"  ; Set to listen on different IP address or hostname
    ; port 7376  ; Set to listen on different port number
  }

  validator
  {
    ; The following rule disables all security in the repo
    trust-anchor {
        type any
    }

    ; ; These rules are examples of validation of signed interests for commands and data.
    ; ; Users can define their own rules for signed interests or data to be inserted
    ; ; according to Validator Configuration File Format.
    ; ; (http://redmine.named-data.net/projects/ndn-cxx/wiki/CommandValidatorConf)
    ; rule
    ; {
    ;   id "Simple Rule For Interest"
    ;   for interest
    ;   filter
    ;   {
    ;     type name
    ;     name /root/KEY
    ;     relation is-prefix-of
    ;   }
    ;   checker
    ;   {
    ;     type fixed-signer
    ;     sig-type rsa-sha256
    ;     signer
    ;     {
    ;       type file
    ;       ; repo-ng.cert.sample is just a non-existent certificate.
    ;       ; User should create its own certification using Security Tool.
    ;       ; (http://redmine.named-data.net/projects/ndn-cxx/wiki/SecurityTools)
    ;       file-name "repo-ng.cert.sample"
    ;     }
    ;   }
    ; }
    ;
    ; rule
    ; {
    ;   id "Simple Rule For Data"
    ;   for data
    ;   filter
    ;   {
    ;     type name
    ;     name /example/data/1
    ;     relation is-prefix-of
    ;   }
    ;   checker
    ;   {
    ;     type fixed-signer
    ;     sig-type rsa-sha256
    ;     signer
    ;     {
    ;       type file
    ;       ; repo-ng.cert.sample is just a non-existent certificate.
    ;       ; User should create its own certification using Security Tool.
    ;       ; (http://redmine.named-data.net/projects/ndn-cxx/wiki/SecurityTools)
    ;       file-name "repo-ng.cert.sample"
    ;     }
    ;   }
    ; }
  }
}
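
A check that can be run on a certificate before it is piped into the bulk-insert port, given here as an added example that is not part of the original post or of repo-ng: it decodes the base64 body as `base64 -d` does, parses the resulting NDN TLV Data packet, and reports its name and whether that name falls under the repo's `/root/KEY` data prefix. It assumes the `.ndncert` body is the base64 of a Data packet in wire format; the function names and the sample packet are constructed for illustration, and the sample is not a real certificate.

```python
import base64
from urllib.parse import quote

def read_var(buf, pos):
    """Decode one NDN TLV variable-length number; return (value, next_pos)."""
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    end = pos + 1 + {253: 2, 254: 4, 255: 8}[first]
    if end > len(buf):
        raise ValueError("truncated TLV number")
    return int.from_bytes(buf[pos + 1:end], "big"), end

def read_tlv(buf, pos):
    """Return (type, value_bytes, next_pos) for the TLV that starts at pos."""
    typ, pos = read_var(buf, pos)
    length, pos = read_var(buf, pos)
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return typ, buf[pos:pos + length], pos + length

def data_name(cert_b64):
    """Name components of the Data packet held in a base64 certificate body."""
    typ, data, _ = read_tlv(base64.b64decode(cert_b64), 0)
    if typ != 0x06:  # 0x06 = Data
        raise ValueError("not a Data packet")
    typ, name, _ = read_tlv(data, 0)
    if typ != 0x07:  # 0x07 = Name, the first element inside Data
        raise ValueError("Data does not start with a Name")
    comps, pos = [], 0
    while pos < len(name):
        _, comp, pos = read_tlv(name, pos)
        comps.append(comp)
    return comps

def name_uri(comps):
    """Render components as an NDN URI, percent-encoding binary bytes."""
    return "/" + "/".join(quote(c, safe="") for c in comps)

def under_prefix(comps, prefix_uri):
    """True if the name starts with every component of a plain-text prefix."""
    prefix = [c.encode() for c in prefix_uri.split("/") if c]
    return comps[:len(prefix)] == prefix

# Constructed sample, not a real certificate: a Data packet holding only a Name.
_COMPS = [b"root", b"KEY", b"site1", b"ksk-1475484935283", b"ID-CERT"]
_NAME = b"".join(bytes([0x08, len(c)]) + c for c in _COMPS)
_WIRE = bytes([0x06, len(_NAME) + 2, 0x07, len(_NAME)]) + _NAME
SAMPLE_B64 = base64.b64encode(_WIRE).decode()
print(name_uri(data_name(SAMPLE_B64)), under_prefix(data_name(SAMPLE_B64), "/root/KEY"))
```

For a real file, pass the contents of `site1.ndncert` to `data_name` and compare the printed name with the one in the "Cannot fetch cert" message.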


More information about the Ndn-interest mailing list