11.3.2 OpenPGP Authentication Guile Example
GnuTLS allows users to authenticate using OpenPGP certificates. The
relevant procedures are provided by the (gnutls extra) module.
Using OpenPGP-based authentication is not more complicated than using
anonymous authentication. It requires a bit of extra work, though, to
import the OpenPGP public and private key of the client/server. Key
import is omitted here and is left as an exercise to the reader
(see section Importing OpenPGP Keys Guile Example).
Assuming some-socket is bound to an open socket port and pub and sec are bound to the client’s OpenPGP public and secret key, respectively, client-side code would look like this:
;; Client-side.
(define %certs (list certificate-type/openpgp))

(let ((client (make-session connection-end/client))
      (cred   (make-certificate-credentials)))
  (set-session-default-priority! client)

  ;; Choose OpenPGP certificates.
  (set-session-certificate-type-priority! client %certs)

  ;; Prepare appropriate client credentials.
  (set-certificate-credentials-openpgp-keys! cred pub sec)
  (set-session-credentials! client cred)

  ;; Specify the underlying transport socket.
  (set-session-transport-fd! client (fileno some-socket))

  (handshake client)
  (write "hello, world!" (session-record-port client))
  (bye client close-request/rdwr))
Similarly, server-side code would be along these lines:
;; Server-side.
(define %certs (list certificate-type/openpgp))

(let ((server (make-session connection-end/server))
      (rsa    (make-rsa-parameters 1024))
      (dh     (make-dh-parameters 1024)))
  (set-session-default-priority! server)

  ;; Choose OpenPGP certificates.
  (set-session-certificate-type-priority! server %certs)

  (let ((cred (make-certificate-credentials)))
    ;; Prepare credentials with RSA and Diffie-Hellman parameters.
    (set-certificate-credentials-dh-parameters! cred dh)
    (set-certificate-credentials-rsa-export-parameters! cred rsa)
    (set-certificate-credentials-openpgp-keys! cred pub sec)
    (set-session-credentials! server cred))

  (set-session-transport-fd! server (fileno some-socket))

  (handshake server)
  (let ((msg (read (session-record-port server))))
    (format #t "received: ~a~%" msg)
    (bye server close-request/rdwr)))
In practice, generating RSA parameters (and Diffie-Hellman parameters)
can take a long time. Thus, you may want to generate them once and
store them in a file for future re-use (see section pkcs1-export-rsa-parameters and pkcs1-import-rsa-parameters).
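The following is an added example, not part of the manual, showing one way to do that caching: the parameters are generated on the first run, written to PEM files and re-imported on later runs. It assumes Guile 2 binary ports, that pkcs1-export-rsa-parameters / pkcs3-export-dh-parameters return a bytevector and that the matching import procedures accept one together with x509-certificate-format/pem; the file names and the cached-parameters helper are invented here. The 1024-bit sizes are kept from the page's examples and are far below what is considered adequate today, so the files should be regenerated with larger sizes rather than reused indefinitely.

```scheme
;; Cache RSA and DH parameters on disk so they are generated only once.
;; Added example (not from the GnuTLS manual); see the lead-in for the
;; assumptions about the export/import procedures.
(use-modules (gnutls)
             (ice-9 binary-ports))

;; Write the PEM-encoded parameters DATA (a bytevector) to FILE.
(define (save-parameters! file data)
  (call-with-output-file file
    (lambda (port) (put-bytevector port data))
    #:binary #t))

;; Read the whole of FILE as a bytevector.
(define (load-parameters file)
  (call-with-input-file file get-bytevector-all #:binary #t))

;; Return the parameters stored in FILE if it exists; otherwise call
;; GENERATE, store the result with EXPORT for next time, and return it.
;; IMPORT and EXPORT take the parameters/bytevector and a format constant.
(define (cached-parameters file generate export import)
  (if (file-exists? file)
      (import (load-parameters file) x509-certificate-format/pem)
      (let ((params (generate)))
        (save-parameters! file (export params x509-certificate-format/pem))
        params)))

(define (cached-rsa-parameters file bits)
  (cached-parameters file
                     (lambda () (make-rsa-parameters bits))
                     pkcs1-export-rsa-parameters
                     pkcs1-import-rsa-parameters))

(define (cached-dh-parameters file bits)
  (cached-parameters file
                     (lambda () (make-dh-parameters bits))
                     pkcs3-export-dh-parameters
                     pkcs3-import-dh-parameters))

;; Usage: load (or generate and store) the parameters the server needs.
;; File names are placeholders chosen for this example.
(define rsa (cached-rsa-parameters "rsa-params.pem" 1024))
(define dh  (cached-dh-parameters  "dh-params.pem"  1024))
```

The PEM files contain only public parameters, not key material, but they should still be protected against tampering (e.g. owned by root, read-only for the service) since the server will trust whatever they contain.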
