[gnutls-devel] RSA-PSK for GnuTLS
Frank Morgner
morgner at informatik.hu-berlin.de
Fri Jul 5 11:46:36 CEST 2013
I ported a patch for RSA-PSK from Bundesdruckerei GmbH to the most
recent version of GnuTLS. The patch revives some deletions from a8504e2
You may want to pull the commit from here:
https://github.com/frankmorgner/gnutls/commit/1df1cfca0832cbe9c90cd5b309af28aa7b7ec133
The original patch can be found here:
https://github.com/BeID-lab/eIDClientCore/blob/master/lib/eIDClientConnection/gnutls-2.10.2_add_rsa_psk.patch
Among other implementation, RSA-PSK can be tested with OpenSSL:
# generate keys
openssl genrsa -aes256 -out privkey.pem.org 2048
# remove passprase
openssl rsa -in privkey.pem.org -out privkey.pem
# create self signed server certificate
openssl req -new -key privkey.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey privkey.pem -out server.crt
# download openssl 1.0.0k and patch for RSA-PSK. See
# http://blog.cj2s.de/archives/21-TLS-RSA-PSK-Cipher-Suites-for-OpenSSL.html
# start server
apps/openssl s_server -psk c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 -key privkey.pem -cipher RSA-PSK-AES256-CBC-SHA -debug -state -cert server.crt -WWW
# run gnutls client
src/gnutls-cli --pskusername Client_identity --pskkey c033f52671c61c8128f7f8a40be88038bcf2b07a6eb3095c36e3759f0cf40837 localhost -p 4433 --priority "+RSA-PSK:+AES-256-CBC:+SHA1" --insecure
--
Frank Morgner
Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE http://openpace.sourceforge.net
IFD Handler for libnfc Devices http://sourceforge.net/projects/ifdnfc
More information about the Gnutls-devel
mailing list