Hello, I've written a small program that uses gnutls for authentication. I've chosen to use PSK authentication because it is simple to implement (no certificate checking and the like) and fits my use case well (single user). Now I've got a small usability problem:
On the client side I have to enter a password to derive the PSK key from. Whether I've entered it correctly or not can only be determined by trying a handshake. With my application this can be some time after I've entered the password and can be confused with connectivity and other problems on the network or server side. So I'd like to enter the password just once, derive the PSK key from it and store it in an AES-encrypted file. When starting my client application, it would then ask for the passphrase of that file and could immediately determine if the file can be decrypted using that key. This way it can produce a proper error message or just ask for the passphrase again. (This would be analogous to using an encrypted RSA private key for X509 authentication and being asked for its passphrase.) Is this directly supported by gnutls? How would I best go about implementing it? Is this a case for enhancing gnutls or should I rather implement the neccessary logic in my application? -- Thanks in advance, Michael _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
