-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
57 lines (46 loc) · 2.35 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
========================== Building ============================
Before building, make sure the following dependent libraries
have been installed besides CCNx library:
libxml2, libcrypto(i.e. openssl library)
Building the 'mkey' utility is simply a one-stop task:
make
================ Usage (For site operators) ====================
'mkey' is a utility for site operators to publish users' public
keys. Before execute the command to publish keys, several steps
should be done first:
1) ccnd daemon and repository running
To run ccnd daemon and repository, please refer to README
of CCNx library.
2) get the signing key and the key to be published ready
For the signing key, create a CCNx keystore using
'ccninitkeystore' utility provided by CCNx library.
For the key to be published, X509 certificate should be
collected from the key owner.
3) make the configuration file ready
A sample configuration file has been provided: mkey.xml.
The xml tags have the following meanings:
<affiliation> - Publisher's affiliation, e.g. UCLA
<prefix> - The name prefix of the key to be published
<validity_period> - The validy period of the keys in days
<signing_key> - The path to signing ccnx keystore
<pubkey_uri> - The signing key's name prefix
NOTE: These configurations can also be overwiten by command
line parameters of 'mkey' utility.
After completing previous steps, 'mkey' utility can be used
to actually publish the user's public key. The usage can be
accessed by executing the following command:
./mkey -h
For example, the following command
./mkey -c mkey.xml -i alex -f pkey.pem -k /path/to/signing/keystore
publishes the public key stored in pkey.pem using the signing key
located in /path/to/signing/keystore, using the configuration file
mkey.xml with the real-world identity of the key set to alex.
=================== Usage (For users/key owners) ========================
The 'pem' utility provided in the same directory as 'mkey' can be
used for extracting X509 certificate from CCNx keystore.
'pem' takes a CCNx keystore as input, and outputs X509 certificate
file which will be the input for 'mkey' (for site operators).
For example, the following command
./pem -i /path/to/keystore -o /path/to/certificate.pem
reads from CCNx keystore locates in /path/to/keystore, and outputs
the X509 certificate as /path/to/certificate.pem.