[Help-gnutls] Public key export
Sylvain Beucler
beuc at beuc.net
Thu Dec 20 20:44:02 CET 2007

On Thu, Dec 20, 2007 at 09:28:56PM +0200, Nikos Mavrogiannopoulos wrote:
> On Thursday 20 December 2007, Sylvain Beucler wrote:
> > Hi,
> >
> > I'm using Authentic (http://authentic.labs.libre-entreprise.org/)
> > which asks the user to generate a private key and send in its public
> > counterpart.
> > I know how to do it with OpenSSL:
> > $ openssl rsa -pubout -in sp-priv.pem
>
> Indeed certtool is mostly certificate oriented. As I check now, I don't see
> functions to handle public keys, unless they are in certificate containers
> (pgp or x509). How is the public key this site program asks used? Will a
> certificate request, or a certificate (pgp or x509) be more appropriate?

I don't know the internals of Authentic. The key is meant for
signing. The public key appears in the "Identity Provider" metadata
that you provide the "Service Provider" with:

<?xml version="1.0"?>
<EntityDescriptor providerID="whatever-liberty-provider-id" xmlns="urn:liberty:metadata:2003-08">
  <IDPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:KeyValue>-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMOvmRSnHbS/xJAEMvUrqjxCq1
YOr1wo8vsH8Qw8ef/mdmeQMFOPKaUItz0c6o9MH+rVQRIE/hhU38UlAGOJ0fDiJf
bJfTFPW4omY0aThNxdJB8ywzQIbcIQ9bM4Xc0aUV0wmtXZPgEsxF6oRY3iwQWsGX
UznLYk+zWl4Qa49wiQIDAQAB
-----END PUBLIC KEY-----
        </ds:KeyValue>
      </ds:KeyInfo>
    </KeyDescriptor>
[...]

This kind of file is specified by Liberty Alliance
(http://projectliberty.org/).
--
Sylvain