[Nfd-dev] [EXT] Signature Verification on NFD for NDN-Packet

Junxiao Shi shijunxiao at email.arizona.edu
Fri Dec 4 09:01:35 PST 2020 

Hi Monokrishna

The forwarder needs to retrieve the producer's certificate before they can
validate the signature.
Certificate retrieval is asynchronous because it relies on Interest-Data
exchange.

You can pass the Data packet that requires validation to a separate thread
in the forwarder, retrieve certificate and perform validation there, and
pass the Data packet and validation result back to the forwarding thread
for re-processing.

Yours, Junxiao

On Tue, Nov 3, 2020, 11:28 Monikrishna Roy via Nfd-dev <
nfd-dev at lists.cs.ucla.edu> wrote:

> *External Email*
> Hello Folks,
>
> I want to use signature verification for data packet verification. I used
>  *#include <ndn-cxx/security/verification-helpers.**hpp>* header file to
> do that.
>
> The task I want to do is:
>
>
>    1. Set signature to data at Producer of NDN
>    2. Passing the data to NFD
>    3. Check the Signature at NFD-Forwarder on the onIncomingData method.
>
> The problem I am facing is:
>
>
>    1. When I want to get the public key for data I could not able to get
>    the NDN public key.
>    2. It's always generating a new public key.
>
> I used the Producer of NDN-CXX to publishing data.
>
> Snippets of the codes:
>
> For the Producer,
>
>
> for (const auto& data : m_store) {
>>     m_keyChain.sign(*data, m_options.signingInfo);
>>   }
>
>
> For NFD-Forwarder,
>
>>   ndn::KeyChain keyChain;
>>   auto pubkey = keyChain.getPib().getDefaultIdentity().getDefaultKey();
>>   bool res = ndn::security::verifySignature(data, pubkey);
>>
>
> Here, the public key for both keyChain is differents. I need to use the
> same public key for both. How can I use the public key of Producer in
> NFD-forwarder?
>
> Any suggestions will be very helpful. Thanks in advance.
>
> Best Regards,
> Monikrishna Roy
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20201204/4fba715b/attachment-0001.html>

More information about the Nfd-dev mailing list