[Ndn-interest] Complete trust management from scratch in ndn-cxx

Michał Król m.krol at ucl.ac.uk
Tue Oct 17 02:49:55 PDT 2017


Hi Matteo,

thanks for your message. It's just a formatting problem. For some reason
my mail client decided to replace tabs with "/" and "?". They are not
present in the files though.

I've seen your tutorial before. Actually, it was the only complete
solution I could find online, so I was relying heavily on it. Thank you.
My setup seems only slightly different, but I still can't make it work.

Best,

Michał



>
>
>> Begin forwarded message:
>>
>> *From: *Matteo Bertolino <Matteo.Bertolino at eurecom.fr>
>> *Subject: **Re: [Ndn-interest] Complete trust management from scratch
>> in ndn-cxx*
>> *Date: *16 October 2017 19:49:16 BST
>> *To: *<ndn-interest at lists.cs.ucla.edu>
>>
>> Hello,
>> why do you have the "//" in each line of the validator?
>> I am on my phone, so I cannot easily give you a good answer, but you
>> can find a completed and commented use case here:
>> https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf
>>
>> Section 3. Write to me if you need some clarifications.
>> Matteo
>>
>>
>> Quoting Michał Król <m.krol at ucl.ac.uk>:
>>
>>> Dear all,
>>>
>>> I'm struggling with setting up a simple trust/security system in NDN. I
>>> find it difficult to find an updated set of information that will work for
>>> all system components. Please correct me if I misunderstood something.
>>>
>>> I have a very simple scenario: one producer and one consumer on one
>>> machine. I want to have a central entity (root) and a publisher
>>> (publisher) that will be allowed to publish trusted content.
>>>
>>> I first create the root certificate using ndnsec and self-sign it: /
>>> /
>>>
>>> /    ndnsec-key-gen -n /root//
>>> /
>>>
>>> /    ndnsec-sign-req /root > root.cert/
>>>
>>> Next I create a certificate for the publisher and sign it using the root
>>> certificate:
>>>
>>> /   ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert//
>>> //   ndnsec-cert-gen -S 201510080000 -E 202010080000  -s /root -i
>>> /root/publisher -r unsigned_publisher.cert  > publisher.cert/
>>>
>>>
>>> I then used the publisher identity to sign the data:
>>>
>>> /    m_ident = m_keyChain.createIdentity(Name("/root/publisher"));//
>>> //    m_info = ndn::security::SigningInfo(m_ident);/
>>>
>>> /    m_keyChain.sign(*data, m_info);/
>>>
>>> On the consumer side I use a validator to validate data:
>>>
>>> /    m_validator->load("sample.cfg");/
>>>
>>> /    m_validator->validate (data,//
>>> //            ndn::bind(&Consumer::onValidated, this, _1),//
>>> //            ndn::bind(&Consumer::onValidationFailed, this, _1, _2));/
>>>
>>>
>>> I want to trust everything signed with the publisher's key. The
>>> sample.cfg is:
>>>
>>> /    rule//
>>> //    {//
>>> //      id "Sample Rule"//
>>> //      for data//
>>> //      filter//
>>> //      {//
>>> //        type name//
>>> //        name /root/publisher//
>>> //        relation is-prefix-of//
>>> //      }//
>>> //      checker//
>>> //      {//
>>> //        type hierarchical//
>>> //        sig-type rsa-sha256//
>>> //      }//
>>> //    }//
>>> //
>>> //    trust-anchor//
>>> //    {//
>>> //      type file//
>>> //      file-name "root.cert"//
>>> //    }/
>>>
>>>
>>> Now, when I launch the consumer, it issues an interest, gets the data,
>>> issues another interest to get the key
>>> (/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but
>>> ends up with an error:
>>>
>>> /    Malformed certificate (Name does not follow the naming convention
>>> for certificate). /
>>>
>>>
>>> My question now is: is this how I'm supposed to do this? If yes, what's
>>> the problem here? If not, is there any example tutorial walking through
>>> all the steps of managing trust in NDN (ndnsec, app, validator)?
>>>
>>> Thanks in advance,
>>>
>>> Michał
>>>
>>>
>>
>>
>>
>
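
The error quoted in the original question is about the shape of the certificate name. As an added example (not code from this thread or from ndn-cxx), the following standalone C++ program classifies names under the assumption that a certificate name has the layout `/<identity>/KEY/<key-id>/<issuer-id>/<version>` and a key name is `/<identity>/KEY/<key-id>`. `splitName`, `keyOffsetFromEnd` and `classify` are hypothetical helpers, and the two `/example/...` names are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Split an NDN URI into components. Percent-escapes (including %2F) stay
// encoded, so only literal '/' characters separate components.
std::vector<std::string> splitName(const std::string& uri) {
  std::vector<std::string> comps;
  std::string cur;
  for (char c : uri + "/") {
    if (c != '/') { cur += c; continue; }
    if (!cur.empty()) comps.push_back(cur);
    cur.clear();
  }
  return comps;
}

// Distance of the last "KEY" component from the end of the name, or -1.
int keyOffsetFromEnd(const std::string& uri) {
  const auto c = splitName(uri);
  for (std::size_t i = c.size(); i-- > 0;)
    if (c[i] == "KEY") return static_cast<int>(c.size() - i);
  return -1;
}

enum class NameKind { Certificate, Key, Other };

// Assumed layout: certificate = /<identity>/KEY/<key-id>/<issuer-id>/<version>,
// key name = /<identity>/KEY/<key-id>.
NameKind classify(const std::string& uri) {
  const auto c = splitName(uri);
  if (c.size() >= 4 && c[c.size() - 4] == "KEY") return NameKind::Certificate;
  if (c.size() >= 2 && c[c.size() - 2] == "KEY") return NameKind::Key;
  return NameKind::Other;
}

int main() {
  const char* names[] = {
    "/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80", // from the message
    "/example/site/KEY/%01%02/issuer/%FD%01",  // constructed certificate name
    "/example/site/KEY/%01%02",                // constructed key name
  };
  for (const char* n : names)
    std::cout << n << " kind=" << static_cast<int>(classify(n))
              << " KEY offset from end=" << keyOffsetFromEnd(n) << "\n";
}
```

Under that assumed layout, the name from the message has `KEY` three components from the end, so it matches neither the certificate shape (four) nor the key-name shape (two).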
