diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-02 21:05:35 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-12-02 21:05:35 +0000 |
commit | b8393542bb50bb4503f65529a68d551d3e7e4d1b (patch) | |
tree | ba68595ccd38ba1e49e611fd449fbc1fa50e6448 | |
parent | 81747fbabccaa51717636af14a0359f3dbb28d13 (diff) | |
download | gnutls-b8393542bb50bb4503f65529a68d551d3e7e4d1b.tar.gz |
*** empty log message ***
-rw-r--r-- | doc/tex/ex-pgp-keyserver.tex | 43 | ||||
-rw-r--r-- | doc/tex/gnutls.bib | 9 | ||||
-rw-r--r-- | doc/tex/srp.tex | 9 | ||||
-rw-r--r-- | doc/tex/x509.tex | 4 |
4 files changed, 38 insertions, 27 deletions
diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex index c8dddb5c73..6482d81527 100644 --- a/doc/tex/ex-pgp-keyserver.tex +++ b/doc/tex/ex-pgp-keyserver.tex @@ -18,50 +18,57 @@ * in the initialization of a gnutls session. */ -static const char *hostname = "keyserver.somewhere.com"; +static const char *hostname = "hkp://keyserver.somewhere.com"; static const short port = 11371; int recv_openpgp_key(gnutls_session session, const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum * key) { - const unsigned char *keyid; int rc; CDK_KBNODE knode = NULL; + unsigned char* buf = NULL; /* The key fingerprint should be 20 bytes + * in v4 keys. */ if (keyfpr_length != 20) return -1; - /* The key id is the last 4 bytes of the key fingerprint - */ - keyid = &keyfpr[16]; + rc = cdk_keyserver_recv_key( hostname, port, keyfpr, + CDK_DBSEARCH_FPR, &knode ); - if (key == NULL) { - return -1; - } - - rc = cdk_keyserver_recv_key( hostname, port, keyid, &knode ); if( !rc ) { - unsigned char *buf = cdk_calloc( 1, 20001 ); size_t len = 20000; + buf = cdk_calloc( 1, len + 1 ); + + if (buf == NULL) { + rc = -1; + goto finish; + } + cdk_kbnode_write_to_mem( knode, buf, &len); key->data = malloc( len); - if (key->data==NULL) return -1; - memcpy( key->data, buf, len); + if (key->data==NULL) { + rc = -1; + goto finish; + } - cdk_free( buf ); - cdk_kbnode_release( knode ); + memcpy( key->data, buf, len); - return 0; /* success */ + rc = 0; /* success */ } else { - cdk_kbnode_release( knode ); - return -1; /* failure */ + rc = -1; } + finish: + + cdk_free( buf ); + cdk_kbnode_release( knode ); + return rc; + } diff --git a/doc/tex/gnutls.bib b/doc/tex/gnutls.bib index 0fb542a191..d904e2ce74 100644 --- a/doc/tex/gnutls.bib +++ b/doc/tex/gnutls.bib @@ -7,6 +7,15 @@ url = "http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2246.txt" } +@Misc{RFC2945, + author = "Wu, T.", + title = "The SRP Authentication and Key Exchange System", + month = "September", + year = {2000}, + note = "Available from http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2945.txt", + url = "http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2945.txt" +} + @Misc{SSL3, author = "Freier, A., and Karlton, Ph., and Kocher, P.", title = "The SSL Protocol Version 3.0", diff --git a/doc/tex/srp.tex b/doc/tex/srp.tex index 8bf3903039..c380c3fef0 100644 --- a/doc/tex/srp.tex +++ b/doc/tex/srp.tex @@ -1,14 +1,11 @@ \section{Authentication using SRP\index{SRP authentication}} Authentication using the SRP\footnote{SRP stands for Secure Password Protocol and -is described in RFC2945. The SRP key exchange is not a part of the \tlsI{} protocol} +is described in \cite{RFC2945}. The SRP key exchange is not a part of the \tlsI{} protocol} is actually password authentication, since the two peers are identified by the knowledge of a password. This protocol also offers protection against off-line attacks, such as password file stealing. -This is achieved since SRP does not use the plain password to perform authentication, but something called a -verifier. The verifier is $g^{x}mod(n)$ and $x$ is a value calculated -from the user name and the password. -\par SRP is normally used with a SHA based hash function, to calculate -the value of $x$. +This is achieved since SRP does not use the plain password to perform authentication, +but something called a verifier, which is calculated using the user's password. \par The advantage of SRP authentication, over other proposed secure password authentication schemas, is that SRP does not require the server to hold the user's password. This kind of protection is similar to the one used traditionally diff --git a/doc/tex/x509.tex b/doc/tex/x509.tex index df7f493443..ee078515a2 100644 --- a/doc/tex/x509.tex +++ b/doc/tex/x509.tex @@ -2,13 +2,11 @@ This authentication method is part of the certificate authentication method in \gnutls{}. -\par X.509 certificates contain the public parameters, of a public key algorithm, and the authority's signature, which proves the authenticity of the parameters. -\par The key exchange methods shown in \hyperref{figure}{figure }{}{fig:cert} are available in X.509 authentication. - +\par See section \ref{x509:trust} on page \pageref{x509:trust} for more information on X.509 protocols. |