Re: "known in advance" public key authentication?
From: Nikos Mavrogiannopoulos
Subject: Re: "known in advance" public key authentication?
Date: Tue, 13 Nov 2012 10:40:17 +0100
On Sun, Nov 11, 2012 at 3:59 PM, Ivan Shmakov <address@hidden> wrote:
> > Currently you cannot avoid using a container for the public keys,
> > either X.509 or Openpgp.
> Do I understand it correctly that it's a requirement of the TLS
> protocol itself?
Yes.
> As for the implementation, gnutls_certificate_set_x509_key ()
> assumes that at least one certificate is available, and, AIUI,
> GnuTLS will try to find the “best” matching certificate
> associated with the credentials sometime later (during
> handshake?)
Best matching means that it matches the algorithms requested by the
peer. Typically RSA certificates work with everyone.
> I guess, it'd be something along the lines of:
> gnutls_x509_crt_t crt;
> {
> /* craft a dummy certificate */
> int ra
> = gnutls_x509_crt_init (&crt);
> assert (ra == 0);
> int rb
> = gnutls_x509_crt_set_key (crt, priv);
> assert (rb == 0);
> /* NB: doesn't accept empty strings */
> int rc
> = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
You'll have to sign it using gnutls_x509_crt_privkey_sign(). It is
better to check the certtool source for other possible options.
regards,
Nikos