path: root/doc/cha-auth.texi
author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-05-27 14:48:03 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-05-27 14:48:03 +0200
commit 8d80e9cbf812fddfeda0dbf6184be7ba24fb2348 (patch)
tree 44826f555e8ef6c8dfc0197a33e0b914c3aedf3a /doc/cha-auth.texi
parent a3c23384acf3faeb02146c1a1cee0290ef64a7f3 (diff)
reorganization and added section on parameter generation.
Diffstat (limited to 'doc/cha-auth.texi')
-rw-r--r-- doc/cha-auth.texi 43
1 files changed, 9 insertions, 34 deletions
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index b359af9b18..9336ab5834 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -116,40 +116,10 @@ certificate authentication.
Note that the DHE key exchange methods are generally
slower@footnote{It really depends on the group used. Primes with
lesser bits are always faster, but also easier to break. Values less
-than 768 should not be used today} than plain RSA and require Diffie
+than 1024 should not be used today} than plain RSA and require Diffie
Hellman parameters to be generated and associated with a credentials
-structure, by the server. The @code{RSA-EXPORT} method also requires
-512 bit RSA parameters, that should also be generated and associated
-with the credentials structure. See the functions:
-
-@itemize
-
-@item @ref{gnutls_dh_params_generate2}
-
-@item @ref{gnutls_certificate_set_dh_params}
-
-@item @ref{gnutls_rsa_params_generate2}
-
-@item @ref{gnutls_certificate_set_rsa_export_params}
-
-@end itemize
-
-Sometimes in order to avoid bottlenecks in programs it is useful to
-store and read parameters from formats that can be generated by
-external programs such as @code{certtool}. This is possible with
-@acronym{GnuTLS} by using the following functions:
-
-@itemize
-
-@item @ref{gnutls_dh_params_import_pkcs3}
-
-@item @ref{gnutls_rsa_params_import_pkcs1}
-
-@item @ref{gnutls_dh_params_export_pkcs3}
-
-@item @ref{gnutls_rsa_params_export_pkcs1}
-
-@end itemize
+structure, by the server. For more information check the @ref{Parameter generation}
+section.
Key exchange algorithms for @acronym{OpenPGP} and @acronym{X.509}
certificates:
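Review bot: the removed sentence stating that @code{RSA-EXPORT} requires 512 bit RSA parameters has no replacement in this hunk, while @code{KX_RSA_EXPORT} stays in the credentials table further down, so the Parameter generation section needs to carry that requirement together with the eight removed function references; the diffstat on this page is limited to doc/cha-auth.texi, so that cannot be confirmed here. The new wording "check the @ref{Parameter generation} section" will also read badly once rendered, because @ref already expands to a section reference in printed output and makeinfo expects a period or comma directly after the closing brace; "see @ref{Parameter generation}." avoids both. The footnote change from 768 to 1024 is fine, though "Primes with lesser bits" could become "Primes with fewer bits" while the line is being touched.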
@@ -209,7 +179,8 @@ are shown below.
Note that the key exchange methods for anonymous authentication
require Diffie-Hellman parameters to be generated by the server and
-associated with an anonymous credentials structure.
+associated with an anonymous credentials structure. Check
+@ref{Parameter generation} for more information.
Supported anonymous key exchange algorithms:
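Review bot: the context sentence still says that the key exchange methods for anonymous authentication require Diffie-Hellman parameters, but a later hunk in this same commit adds @code{KX_ANON_ECDH} under @code{CRD_ANON}, so the statement now covers a method that is not a finite-field Diffie-Hellman one. Consider limiting the sentence to the ANON_DH method, or stating explicitly what the ECDH variant needs. As in the first hunk, "@ref{Parameter generation} for more information" leaves @ref without a following period or comma; "For more information see @ref{Parameter generation}." keeps makeinfo quiet.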
@@ -389,6 +360,8 @@ Key exchange algorithms and the corresponding credential types:
@item @code{KX_RSA}
@item @code{KX_DHE_RSA}
@item @code{KX_DHE_DSS}
+@item @code{KX_ECDHE_RSA}
+@item @code{KX_ECDHE_ECDSA}
@item @code{KX_RSA_EXPORT}
@tab @code{CRD_CERTIFICATE}
@tab @code{CRD_CERTIFICATE}
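Review bot: @code{KX_ECDHE_RSA} and @code{KX_ECDHE_ECDSA} are added to the credentials table here, but the prose visible in the first hunk still only discusses the DHE methods and their generated parameters, and no hunk in this file touches the list introduced by "Key exchange algorithms for OpenPGP and X.509 certificates:". A reader following the table back to the certificate authentication text will find nothing on the ECDHE methods; add them to that list, with a sentence on whether they need any server-side parameters, in the same commit or a follow-up.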
@@ -405,10 +378,12 @@ Key exchange algorithms and the corresponding credential types:
@tab @code{CRD_SRP}
@item @code{KX_ANON_DH}
+@item @code{KX_ANON_ECDH}
@tab @code{CRD_ANON}
@tab @code{CRD_ANON}
@item @code{KX_PSK}
+@item @code{KX_DHE_PSK}
@tab @code{CRD_PSK}
@tab @code{CRD_PSK}
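Review bot: @code{KX_DHE_PSK} is added under @code{CRD_PSK}, yet unlike the certificate and anonymous sections, which both gain a pointer to @ref{Parameter generation} in this commit, nothing in this diff tells the reader that a DHE based PSK key exchange depends on Diffie-Hellman parameters. Add the same pointer to the PSK authentication text so all three credential types are documented consistently. This hunk also mixes two unrelated additions (@code{KX_ANON_ECDH} and @code{KX_DHE_PSK}) that the commit message "reorganization and added section on parameter generation" does not mention; a line in the message about the new table entries would make the change easier to find later.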