author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-11-28 10:17:43 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2003-11-28 10:17:43 +0000
commit: a9723f1d13fe950c6f366521299b247324780f16 (patch)
tree: 9dfc8adba8819a947d94902a2609c4011143d357
parent: 10a4678f69e3ae1ae39a3da1f88ef8efbec97fbc (diff)
download: gnutls-a9723f1d13fe950c6f366521299b247324780f16.tar.gz
*** empty log message ***
-rw-r--r-- doc/tex/auth.tex      |  7
-rw-r--r-- doc/tex/examples.tex  |  2
-rw-r--r-- doc/tex/gnutls.bib    |  7
-rw-r--r-- doc/tex/gnutls.tex    |  2
-rw-r--r-- doc/tex/handshake.tex |  9
-rw-r--r-- doc/tex/library.tex   | 12
-rw-r--r-- doc/tex/preface.tex   |  9
-rw-r--r-- doc/tex/programs.tex  |  7
-rw-r--r-- doc/tex/srp.tex       | 20
9 files changed, 46 insertions, 29 deletions
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
index b5d028bfcb..4fea3dd6af 100644
--- a/doc/tex/auth.tex
+++ b/doc/tex/auth.tex
@@ -1,6 +1,9 @@
\chapter{Authentication methods}
-\par
-The following authentication schemas are supported in \gnutls:
+
+The \tls{} protocol provides confidentiality and encryption, but
+also offers authentication, which is a prerequisite
+for a secure connection.
+The available authentication methods in \gnutls{} are:
\begin{enumerate}
\item Certificate authentication
\item Anonymous authentication
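Review bot: "confidentiality and encryption" in the new opening sentence is redundant; encryption is the mechanism and confidentiality the property, and the property this sentence leaves out is integrity, which the library chapter in this same patch already names when it says the protocol guards against "eavesdropping, tampering, or message forgery". Suggest "provides confidentiality and integrity, but also offers authentication". The claim that authentication "is a prerequisite for a secure connection" also sits oddly directly above a list whose second item is "Anonymous authentication", a method that authenticates nobody and gives no protection against an active man-in-the-middle; a short qualifier such as "with the exception of the anonymous method, which offers no such protection" would keep the sentence and the list consistent.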
diff --git a/doc/tex/examples.tex b/doc/tex/examples.tex
index a6f24ec513..31a38c972d 100644
--- a/doc/tex/examples.tex
+++ b/doc/tex/examples.tex
@@ -1,4 +1,4 @@
-\chapter{How to use GNUTLS\index{Example programs} in applications}
+\chapter{How to use \gnutls{}\index{Example programs} in applications}
\input{preparation}
diff --git a/doc/tex/gnutls.bib b/doc/tex/gnutls.bib
index 5edb93071c..5a5b30bcf3 100644
--- a/doc/tex/gnutls.bib
+++ b/doc/tex/gnutls.bib
@@ -84,3 +84,10 @@
note = "Available from http://www.gnupg.org/gph/en/manual.pdf",
url = "http://www.gnupg.org/gph/en/manual.pdf"
}
+
+@Misc{TOMSRP,
+ author = "Tom Wu",
+ title = "The Stanford SRP Authentication Project",
+ note = "Available at http://srp.stanford.edu/",
+ url = "http://srp.stanford.edu/"
+}
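Review bot: the new TOMSRP entry has no year or access date; for a web page rather than a fixed document, that is the only thing that records which version was consulted. Otherwise it follows the pattern of the entry above it (URL repeated in both note and url so that styles without url support still print it), so the style is consistent.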
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index bf067dff39..db06189c27 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -25,9 +25,9 @@
\fancyhead[RO,LE]{\empty}
\fancyfoot[C]{\thepage}
-\mainmatter
\input{preface}
+\mainmatter
\input{library}
\input{tlsintro}
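Review bot: moving \mainmatter below \input{preface} only gives the preface front-matter treatment (roman page numbers, no chapter numbering) if a \frontmatter command is issued earlier in this file; that line is outside the hunk, so please confirm it is present, otherwise the preface simply becomes an unnumbered chapter on arabic pages and the move has no effect.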
diff --git a/doc/tex/handshake.tex b/doc/tex/handshake.tex
index c63da999df..283ac70e36 100644
--- a/doc/tex/handshake.tex
+++ b/doc/tex/handshake.tex
@@ -1,10 +1,11 @@
\section{The TLS handshake protocol\index{TLS protocols!Handshake}}
\label{handshake}
-The Handshake protocol is fully controlled by application layer (your
-program). Within this protocol the parameters for cipher suites, supported
-authentication methods etc. are negotiated. Thus the application layer
-has to set up the required parameters for the connection.
+The Handshake protocol is responsible for the ciphersuite negotiation,
+the initial key exchange, and the authentication of the two peers.
+This is fully controlled by the application layer, thus your program
+has to set up the required parameters. Available functions to control
+the handshake protocol include:
\begin{itemize}
\item \printfunc{gnutls_cipher_set_priority}{gnutls\_cipher\_set\_priority}:
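Review bot: "the authentication of the two peers" overstates what the handshake does by default: in TLS the server is normally the only authenticated party, client authentication is optional, and with the anonymous method described elsewhere in this manual neither side is authenticated. Suggest "and the authentication of the server and, optionally, the client". The rest of the rewrite is an improvement over the old wording, which said nothing about key exchange.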
diff --git a/doc/tex/library.tex b/doc/tex/library.tex
index 6c42176d16..08af7c6190 100644
--- a/doc/tex/library.tex
+++ b/doc/tex/library.tex
@@ -10,19 +10,21 @@ eavesdropping, tampering, or message forgery.
\par
Technically \gnutls{} is a portable ANSI {\bf C} based library which implements the
\tlsI{}\footnote{See section \ref{sec:tlsintro} on page \pageref{sec:tlsintro} for
-a more detailed description of the protocols.} and \sslIII{} protocols.
+a more detailed description of the protocols.} and \sslIII{} protocols,
+accompanied with the required framework for authentication and
+public key infrastructure.
The library is available under the GNU Lesser GPL license\footnote{A copy of the license is included
in the distribution}.
Important features of the \gnutls{} library include:
\begin{itemize}
-\item Thread safety
\item Support for both \tlsI{} and \sslIII{} protocols.
\item Support for both {\bf X.509} and {\bf OpenPGP} certificates.
\item Support for handling and verification of certificates.
\item Support for {\bf SRP} for \tls{} authentication.
\item Support for \tls{} {\bf Extension mechanism}.
\item Support for \tls{} {\bf Compression Methods}.
+\item Thread safety
\end{itemize}
Additionaly \gnutls{} provides a limited emulation API for the widely used
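Review bot: "accompanied with the required framework" should be "accompanied by the required framework". Moving "Thread safety" to the end of the feature list is fine, but it is the only item without a terminating period. While in this paragraph, the unchanged context line "Additionaly \gnutls{} provides" has a typo: "Additionally".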
@@ -50,12 +52,6 @@ In order to ease integration in embedded systems, parts of the \gnutls{} library
can be disabled at compile time. That way a small library, with the required features,
can be generated.
-\par
-See \htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
-and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/}
-for updated versions of the \gnutls{} software and this document.
-
-
\section{General Idea}
% explain how it works
A brief description of how \gnutls{} works internally is shown at
diff --git a/doc/tex/preface.tex b/doc/tex/preface.tex
index 9e265083d3..01aa48ba03 100644
--- a/doc/tex/preface.tex
+++ b/doc/tex/preface.tex
@@ -1,5 +1,6 @@
-\chapter{Preface}
+\chapter*{Preface}
+\section*{Introduction}
This document tries to demonstrate and explain the \gnutls{} library API.
A brief introduction to the protocols and the technology involved, is
also included. That way a \tls{} application programmer can better understand
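Review bot: \chapter*{Preface} suppresses the table-of-contents entry as well as the chapter number; if the preface should still be listed, follow the \chapter* line with \addcontentsline{toc}{chapter}{Preface} (and similarly for the new starred sections if they should appear). Independent of this hunk, "This document tries to demonstrate and explain" is weaker than "This document demonstrates and explains".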
@@ -15,3 +16,9 @@ and \gnutls{} only helps with some of them.
This document tries to be self contained, although basic
network programming and PKI knowlegde is assumed in most of it.
\cite{GUTPKI} is a good introduction to Public Key Infrastructure.
+
+\section*{Availability}
+Updated versions of the \gnutls{} software and this document will
+be available from
+\htmladdnormallink{http://www.gnutls.org/}{http://www.gnutls.org/}
+and \htmladdnormallink{http://www.gnu.org/software/gnutls/}{http://www.gnu.org/software/gnutls/}.
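Review bot: the unchanged context line "network programming and PKI knowlegde" has a typo: "knowledge". The new Availability section is the text removed from library.tex in this same commit, so nothing is lost by the move. One nit: "will be available from" promises future versions only; "are available from" reads better for a document that is itself one of those versions.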
diff --git a/doc/tex/programs.tex b/doc/tex/programs.tex
index 702eab0981..8489f20bea 100644
--- a/doc/tex/programs.tex
+++ b/doc/tex/programs.tex
@@ -3,12 +3,11 @@
\section{The ``gnutls-srpcrypt'' program}
\label{srpcrypt}
-The ``gnutls-srpcrypt'' is a very simple program that emulates the programs in the libsrp
-found in \htmladdnormallink{http://srp.stanford.edu}{http://srp.stanford.edu}.
+The ``gnutls-srpcrypt'' is a very simple program that emulates the programs in the
+\emph{Stanford SRP libraries}.
It is intended for use in places where you don't expect SRP
authentication to be the used for system users.
-
-Traditionaly libsrp used two files. One called 'tpasswd' which holds usernames
+Traditionaly \emph{libsrp} used two files. One called 'tpasswd' which holds usernames
and verifiers, and 'tpasswd.conf' which holds generators and primes.
\par
How to use srpcrypt:
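Review bot: dropping the srp.stanford.edu link leaves the reader with no pointer to the "Stanford SRP libraries"; since this commit adds the TOMSRP entry to gnutls.bib, cite it here, e.g. "\emph{Stanford SRP libraries}~\cite{TOMSRP}." Also, "Traditionaly" in the changed line should be "Traditionally", the unchanged context sentence "where you don't expect SRP authentication to be the used for system users" has a stray "the" ("to be used"), and removing the blank line before "Traditionaly" merges that sentence into the preceding paragraph; if that is not intended, keep the paragraph break.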
diff --git a/doc/tex/srp.tex b/doc/tex/srp.tex
index a71e7643cf..af28f94a74 100644
--- a/doc/tex/srp.tex
+++ b/doc/tex/srp.tex
@@ -2,19 +2,23 @@
Authentication using the SRP\footnote{SRP stands for Secure Remote Password and
is described in \cite{RFC2945}. The SRP key exchange is not a part of the \tlsI{} protocol}
-protocol is actually password authentication, since the two peers are identified by the knowledge of a password.
-This protocol also offers protection against off-line attacks, such as password
-file stealing.
-This is achieved since SRP does not use the plain password to perform authentication,
-but something called a verifier, which is calculated using the user's password.
-\par The advantage of SRP authentication, over other proposed secure password
+protocol is actually password authentication. The two peers can be identified using a
+single password, or there can be combinations where the client is
+authenticated using SRP and the server using a certificate.
+\par
+The advantage of SRP authentication, over other proposed secure password
authentication schemas, is that SRP does not require the server to hold
the user's password. This kind of protection is similar to the one used traditionally
in the \emph{UNIX} ``passwd'' file, where the contents of this file did not cause
harm to the system security if they were revealed.
+The SRP holds instead of the plain password something called a verifier,
+which is calculated using the user's password, and if stolen cannot
+be used to impersonate the user. See \cite{TOMSRP} for a detailed description
+of the SRP protocol, and for the Stanford SRP libraries.
+
\par
The implementation in \gnutls{} is based on paper \cite{TLSSRP}.
-Available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:srp}.
+The available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:srp}.
\begin{figure}[hbtp]
\begin{tabular}{|l|p{9cm}|}
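Review bot: "if stolen cannot be used to impersonate the user" needs a qualifier. A stolen verifier does not let an attacker log in as the user, but because it is derived from the password (together with the salt stored beside it) it can be used for an offline dictionary attack against that password, and it does let its holder impersonate the server to the user. The same caveat applies to the UNIX "passwd" analogy the paragraph keeps; that exposure is exactly why hashed passwords were later moved to a shadow file. Suggest: "which, if stolen, cannot be used directly to impersonate the user, although it still allows an offline guessing attack against weak passwords". Two wording points: "The SRP holds instead of the plain password something called a verifier" reads better as "Instead of the plain password, SRP stores a verifier", and "authentication schemas" should be "authentication schemes".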
@@ -40,7 +44,7 @@ authenticated using a certificate with RSA parameters.
The default behaviour of \gnutls{} is to read the usernames and
SRP verifiers from password files. These password files are the ones used
-by \emph{libsrp} and can be specified using the
+by the \emph{srp libraries} and can be specified using the
\printfunc{gnutls_srp_set_server_credentials_file}{gnutls\_srp\_set\_server\_credentials\_file}.
If a different password file format is to be used, then the
function \printfunc{gnutls_srp_set_server_credentials_function}{gnutls\_srp\_set\_server\_credentials\_function},
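Review bot: "the \emph{srp libraries}" is inconsistent with "Stanford SRP libraries" used in programs.tex in this same commit, and with the "libsrp" name that programs.tex still uses two lines later; pick one name and one capitalisation of SRP and use it in both files, ideally with \cite{TOMSRP} so the reader can find the file format being referred to.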