author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-23 18:05:01 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-23 18:12:45 +0200 |
commit | 08d1b02784517fbe5353e2732cd1937ae9b35bb7 (patch) | |
tree | 0c43bdc7c64662b5b48e6bdd20344c2c4a0d9e20 | |
parent | 1e5ae673bb3dcadc4897a08009ffff947988d9b5 (diff) | |
download | gnutls-08d1b02784517fbe5353e2732cd1937ae9b35bb7.tar.gz |
documentation updates
-rw-r--r-- | doc/cha-auth.texi | 2 | ||||
-rw-r--r-- | doc/cha-bib.texi | 4 | ||||
-rw-r--r-- | doc/cha-cert-auth.texi | 21 | ||||
-rw-r--r-- | doc/cha-gtls-app.texi | 6 | ||||
-rw-r--r-- | doc/cha-intro-tls.texi | 9 | ||||
-rw-r--r-- | doc/latex/gnutls.bib | 9 | ||||
-rw-r--r-- | doc/latex/gnutls.tex | 2 |
7 files changed, 37 insertions, 16 deletions
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi index 0b20115637..c7d4dfe05c 100644 --- a/doc/cha-auth.texi +++ b/doc/cha-auth.texi @@ -137,7 +137,7 @@ and require Diffie-Hellman parameters to be generated and associated with a cred structure, by the server (see @ref{Parameter generation}). @float Table,tab:key-exchange -@multitable @columnfractions .3 .7 +@multitable @columnfractions .2 .7 @headitem Key exchange @tab Description diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi index ef51fbb197..a27509b2c5 100644 --- a/doc/cha-bib.texi +++ b/doc/cha-bib.texi @@ -164,6 +164,10 @@ November 2007, available from @url{http://www.ietf.org/rfc/rfc5056}. J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010, available from @url{http://www.ietf.org/rfc/rfc5929}. +@item @anchor{PKCS11URI}[PKCS11URI] +J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", August 2011, +Work in progress, available from @url{http://tools.ietf.org/html/draft-pechanec-pkcs11uri-05}. + @item @anchor{ANDERSON}[ANDERSON] R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", John Wiley \& Sons, Inc., 2001. diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index c1c0ddf2d0..1d5357a0fa 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -45,7 +45,7 @@ certificate holder, the signer, a unique serial number, expiration dates and some other fields @xcite{PKIX} as shown in @ref{tab:x509}. @float Table,tab:x509 -@multitable @columnfractions .3 .7 +@multitable @columnfractions .2 .7 @headitem Field @tab Description @@ -93,7 +93,7 @@ belongs to a CA etc. All the supported @acronym{X.509} version 3 extensions are shown in @ref{tab:x509-ext}. @float Table,tab:x509-ext -@multitable @columnfractions .3 .2 .5 +@multitable @columnfractions .3 .2 .4 @headitem Extension @tab OID @tab Description 
@@ -178,7 +178,7 @@ are equivalent and will verify the peer's certificate chain in a TLS session. @float Table,tab:cert-verify -@multitable @columnfractions .55 .45 +@multitable @columnfractions .46 .44 @headitem Flag @tab Description @@ -215,7 +215,7 @@ flags are part of the enumeration @code{gnutls_certificate_verify_flags} and are explained in @ref{tab:cert-flags}. @float Table,tab:cert-flags -@multitable @columnfractions .5 .5 +@multitable @columnfractions .5 .4 @headitem Flag @tab Description @item GNUTLS_VERIFY_@-DISABLE_CA_SIGN @tab @@ -485,10 +485,11 @@ when accessing a protected object, such as a private key, as well as probe the user to insert the token. All the initialization functions are below. @showfuncdesc{gnutls_pkcs11_init} +@showfuncA{gnutls_pkcs11_deinit} + @showfuncdesc{gnutls_pkcs11_set_token_function} @showfuncdesc{gnutls_pkcs11_set_pin_function} @showfuncdesc{gnutls_pkcs11_add_provider} -@showfuncA{gnutls_pkcs11_deinit} Note that due to limitations of @acronym{PKCS} #11 there are issues when multiple libraries are sharing a module. To avoid this problem GnuTLS uses @acronym{p11-kit} @@ -498,7 +499,7 @@ multiple users. @subsection Reading objects All @acronym{PKCS} #11 objects are referenced by @acronym{GnuTLS} functions by -URLs as described in @code{draft-pechanec-pkcs11uri-05}. +URLs as described in @xcite{PKCS11URI}. This allows for a consistent naming of objects across systems and applications in the same system. For example a public key on a smart card may be referenced as: @@ -579,9 +580,10 @@ to prevent its extraction. An object can be marked as private using the flag @code{GNUTLS_@-PKCS11_OBJ_@-FLAG_@-MARK_@-PRIVATE}, to require PIN to be entered before accessing the object (for operations or otherwise). -@showfuncdesc{gnutls_pkcs11_delete_url} @showfuncdesc{gnutls_pkcs11_copy_x509_privkey} + @showfuncdesc{gnutls_pkcs11_copy_x509_crt} +@showfuncdesc{gnutls_pkcs11_delete_url} @subsection Using a @acronym{PKCS} #11 token with TLS 
@@ -642,6 +644,7 @@ sequence. @showfuncB{gnutls_pubkey_init,gnutls_pubkey_deinit} @showfuncdesc{gnutls_pubkey_import_x509} + @showfuncdesc{gnutls_pubkey_import_openpgp} @showfuncdesc{gnutls_pubkey_import_pkcs11} @showfuncdesc{gnutls_pubkey_import_pkcs11_url} @@ -653,6 +656,7 @@ Additional functions are available that will return information over a public key. @showfuncdesc{gnutls_pubkey_get_pk_algorithm} + @showfuncdesc{gnutls_pubkey_get_preferred_hash_algorithm} @showfuncdesc{gnutls_pubkey_get_key_id} @@ -667,6 +671,7 @@ are not extractable. @showfuncB{gnutls_privkey_init,gnutls_privkey_deinit} @showfuncdesc{gnutls_privkey_import_x509} + @showfuncdesc{gnutls_privkey_import_openpgp} @showfuncdesc{gnutls_privkey_import_pkcs11} @@ -681,6 +686,7 @@ The abstract key types can be used to access signing and signature verification operations with the underlying keys. @showfuncdesc{gnutls_pubkey_verify_data2} + @showfuncdesc{gnutls_pubkey_verify_hash} @showfuncdesc{gnutls_privkey_sign_data} @showfuncdesc{gnutls_privkey_sign_hash} @@ -691,6 +697,7 @@ keys with structures is also possible using the key abstractions. @showfuncdesc{gnutls_x509_crq_set_pubkey} + @showfuncdesc{gnutls_x509_crt_set_pubkey} @showfuncdesc{gnutls_x509_crt_privkey_sign} @showfuncdesc{gnutls_x509_crl_privkey_sign} diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 8d18e4147e..814d722a60 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -285,7 +285,7 @@ later on. @showfuncD{gnutls_priority_set_direct,gnutls_priority_init,gnutls_priority_deinit,gnutls_priority_set} @float Table,tab:prio-keywords -@multitable @columnfractions .30 .70 +@multitable @columnfractions .20 .70 @headitem Keyword @tab Description @item PERFORMANCE @tab All the "secure" ciphersuites are enabled, 
@@ -353,7 +353,7 @@ appended with an algorithm will add this algorithm. @float Table,tab:prio-algorithms -@multitable @columnfractions .30 .70 +@multitable @columnfractions .20 .70 @headitem Type @tab Keywords @item Ciphers @tab AES-128-CBC, AES-256-CBC, AES-128-GCM, CAMELLIA-128-CBC, @@ -394,7 +394,7 @@ CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1. Catch all is @float Table,tab:prio-special -@multitable @columnfractions .50 .50 +@multitable @columnfractions .45 .45 @headitem Keyword @tab Description @item %COMPAT @tab diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 623ba07ffb..f71b305202 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -124,7 +124,7 @@ The supported in @acronym{GnuTLS} ciphers and MAC algorithms are shown in @ref{t @ref{tab:macs}. @float Table,tab:ciphers -@multitable @columnfractions .30 .70 +@multitable @columnfractions .20 .70 @headitem Algorithm @tab Description @item 3DES_CBC @tab This is the DES block cipher algorithm used with triple @@ -158,7 +158,7 @@ CRYPTREC projects. @float Table,tab:macs -@multitable @columnfractions .30 .70 +@multitable @columnfractions .20 .70 @headitem Algorithm @tab Description @item MAC_MD5 @tab This is a cryptographic hash algorithm designed by Ron Rivest. Outputs @@ -524,7 +524,8 @@ resume functions, @ref{resume}. @showfuncdesc{gnutls_session_ticket_enable_client} @subsection Safe renegotiation -@cindex renegotiation +@cindex Renegotiation +@cindex Safe renegotiation TLS gives the option to two communicating parties to renegotiate and update their security parameters. One useful example of this feature @@ -626,7 +627,7 @@ can be used both by clients and servers. @node Selecting cryptographic key sizes @section Selecting cryptographic key sizes -@cindex key sizes +@cindex Key sizes In TLS, since a lot of algorithms are involved, it is not easy to set a consistent security level. For this reason in @ref{tab:key-sizes} we 
diff --git a/doc/latex/gnutls.bib b/doc/latex/gnutls.bib index 11ec38c80d..7d07e8904d 100644 --- a/doc/latex/gnutls.bib +++ b/doc/latex/gnutls.bib @@ -297,3 +297,12 @@ publisher = {John Wiley \& Sons, Inc.}, address = {New York, NY, USA}, } + +@misc{PKCS11URI, + author="Jan Pechanec and Darren J. Moffat", + title="{The PKCS 11 URI Scheme}", + month="August", + year=2011, + note = "Work in progress, available from \url{http://tools.ietf.org/html/draft-pechanec-pkcs11uri-05}", + url = "http://tools.ietf.org/html/draft-pechanec-pkcs11uri-05" +} diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex index b05264be46..7be1cc6072 100644 --- a/doc/latex/gnutls.tex +++ b/doc/latex/gnutls.tex @@ -1,7 +1,7 @@ \documentclass[fontsize=10pt,twoside,openright]{scrbook} \bibliographystyle{plain} -\usepackage[paperwidth=18.91cm,paperheight=24.589cm,twoside,bindingoffset=9mm,outer=2.2cm,inner=1cm,top=2.6cm,bottom=2.5cm]{geometry} +\usepackage[paperwidth=18.91cm,paperheight=24.589cm,twoside,bindingoffset=11mm,outer=2.2cm,inner=1.2cm,top=2.6cm,bottom=2.5cm]{geometry} \usepackage{fancyhdr} \usepackage{graphicx} \usepackage{makeidx} |