On Wed, Feb 5, 2014 at 8:15 AM, Steven Brown <[email protected]> wrote: > I'm building a program where I have a control connection to a remote > service that establishes a form of session and manages it and then > several other worker connections for that session over its lifetime. > I'd like to use a lightweight authentication scheme on the worker > connections if possible as they frequently come and go and there can be > many of them. I figure it should be possible for the control connection > to establish the authentication information necessary for the workers > but I'm not sure how best to go about it, hence this question. > From what I've read, I'm planning on SRP for the control connection and > PSK for the worker connections. If I'm understanding things correctly, > PSK should be lightweight. I can generate a random key when I create > the client's session and share it over SRP for use with PSK, but doesn't > SRP generate a session key as part of its negotiation? If so, is there > a way (and does it make sense) to use SRP's session key to do PSK > authentication of the workers?
The best is to use a different key that can be derived from the initial session parameters. You can do that using the gnutls_prf() function. http://gnutls.org/manual/html_node/Deriving-keys-for-other-applications_002fprotocols.html#Deriving-keys-for-other-applications_002fprotocols regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
