Greetings, I am new to GnuTLS and I am slowly learning more about cryptography in general. I would like to build both a client and server application, with the following security constraints:
- The server needn't authenticate the client because it doesn't care who it is.
- The client, however, needs to be sure that the server it connected to really is the genuine server and not an impostor. The IP address of the server machine may change from time to time (it is on DHCP), but the server machine itself will always be the same. It will be identified by hostname.
- The communication between the two should be encrypted and sent over the wire via TLS 1.1. The protocol the two will use will be my own text-based protocol handled through gnutls_record_recv() / gnutls_record_send().

I am using the sample "Echo Server with OpenPGP Authentication" as a starting point for implementing the server. I just hope this is the right kind of basic skeleton model I should be using for pedagogical purposes. Do you think this is sufficient?

http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-OpenPGP-authentication.html

I have gone through some of the OpenSSL documentation and GnuTLS's documentation on certtool, but I am still confused on how to generate the three files mentioned at the beginning of the server's source. I cannot seem to find any mention of their creation anywhere. Could be that I am just looking in all the wrong places:

    #define KEYFILE "secret.asc"
    #define CERTFILE "public.asc"
    #define RINGFILE "ring.gpg"

But just as importantly, what does each of these really mean? (I kind of understand the public and secret files, but not really the keyring - but nevertheless, I do not feel confident in my understanding of any of the three.) Also, where should these three files reside? What should the client have and what should the server have available to them on disk?

Thank you for any guidance you can provide.

--
Kip Warner
Software Engineer
http://www.thevertigo.com
