11.3.2 OpenPGP Authentication Guile Example
GnuTLS allows users to authenticate using OpenPGP certificates. The
relevant procedures are provided by the (gnutls extra)
module.
Using OpenPGP-based authentication is not more complicated than using
anonymous authentication. It requires a bit of extra work, though, to
import the OpenPGP public and private key of the client/server. Key
import is omitted here and is left as an exercise to the reader
(see section Importing OpenPGP Keys Guile Example).
Assuming some-socket is bound to an open socket port and pub and sec are bound to the client's OpenPGP public and secret key, respectively, client-side code would look like this:
    ;; Client-side.
    ;; The procedures used below come from these modules.
    (use-modules (gnutls) (gnutls extra))

    (define %certs (list certificate-type/openpgp))

    (let ((client (make-session connection-end/client))
          (cred   (make-certificate-credentials)))
      (set-session-default-priority! client)

      ;; Choose OpenPGP certificates.
      (set-session-certificate-type-priority! client %certs)

      ;; Prepare appropriate client credentials.
      (set-certificate-credentials-openpgp-keys! cred pub sec)
      (set-session-credentials! client cred)

      ;; Specify the underlying transport socket.
      (set-session-transport-fd! client (fileno some-socket))

      (handshake client)
      (write "hello, world!" (session-record-port client))
      (bye client close-request/rdwr))
Similarly, server-side code would be along these lines:
    ;; Server-side.
    ;; The procedures used below come from these modules.
    (use-modules (gnutls) (gnutls extra))

    (define %certs (list certificate-type/openpgp))

    ;; 1024-bit parameters generate quickly but are weak by current
    ;; standards; use at least 2048 bits for Diffie-Hellman in real
    ;; deployments.
    (let ((server (make-session connection-end/server))
          (rsa    (make-rsa-parameters 1024))
          (dh     (make-dh-parameters 1024)))
      (set-session-default-priority! server)

      ;; Choose OpenPGP certificates.
      (set-session-certificate-type-priority! server %certs)

      (let ((cred (make-certificate-credentials)))
        ;; Prepare credentials with RSA and Diffie-Hellman parameters.
        (set-certificate-credentials-dh-parameters! cred dh)
        (set-certificate-credentials-rsa-export-parameters! cred rsa)
        (set-certificate-credentials-openpgp-keys! cred pub sec)
        (set-session-credentials! server cred))

      (set-session-transport-fd! server (fileno some-socket))

      (handshake server)
      (let ((msg (read (session-record-port server))))
        (format #t "received: ~a~%" msg)
        (bye server close-request/rdwr)))
In practice, generating RSA parameters (and Diffie-Hellman parameters)
can take a long time. Thus, you may want to generate them once and
store them in a file for future re-use (see section
pkcs1-export-rsa-parameters and pkcs1-import-rsa-parameters).
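
One way to do the caching described above, as an added example that is not part of the GnuTLS manual. It assumes Guile 2.x or later (bytevector I/O) and that the pkcs1-*-rsa-parameters procedures, along with their Diffie-Hellman counterparts pkcs3-import-dh-parameters and pkcs3-export-dh-parameters, are exported by the (gnutls) module; load-or-generate and the file names are hypothetical.

```scheme
;; Added example; not part of the GnuTLS manual.
;; Assumes Guile 2.x or later and a GnuTLS build providing the
;; pkcs1-*-rsa-parameters and pkcs3-*-dh-parameters procedures.
(use-modules (gnutls)
             (ice-9 binary-ports))

(define (load-or-generate file generate import export)
  ;; Return the parameters stored in FILE (PEM).  If FILE does not exist,
  ;; call GENERATE, store the PEM encoding in FILE and return the result.
  (if (file-exists? file)
      (let* ((port (open-file file "rb"))
             (raw  (get-bytevector-all port)))
        (close-port port)
        (import raw x509-certificate-format/pem))
      (let* ((params (generate))
             (pem    (export params x509-certificate-format/pem))
             (tmp    (string-append file ".tmp"))
             ;; RSA parameters contain private key material: create the
             ;; file readable by its owner only.
             (saved  (umask #o077)))
        (dynamic-wind
          (lambda () #t)
          (lambda ()
            (let ((port (open-file tmp "wb")))
              (put-bytevector port pem)
              (close-port port))
            ;; Rename only after a complete write, so an interrupted run
            ;; never leaves a truncated parameter file behind.
            (rename-file tmp file))
          (lambda () (umask saved)))
        params)))

;; File names are hypothetical.
(define rsa
  (load-or-generate "rsa-params.pem"
                    (lambda () (make-rsa-parameters 1024))
                    pkcs1-import-rsa-parameters
                    pkcs1-export-rsa-parameters))

(define dh
  (load-or-generate "dh-params.pem"
                    (lambda () (make-dh-parameters 2048))
                    pkcs3-import-dh-parameters
                    pkcs3-export-dh-parameters))
```

The resulting rsa and dh values can be passed to set-certificate-credentials-rsa-export-parameters! and set-certificate-credentials-dh-parameters! exactly as in the server-side code above.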