[Twisted-Python] Re: How to make a secure connection between two computers
Martin Geisler
mg at daimi.au.dk
Tue Feb 12 09:27:22 MST 2008
"Noam Raphael" <noamraph at gmail.com> writes:
> Hello,
>
> I want to do a pretty simple thing (I think): I have two computers A
> and B. I want A to connect to B, where both A verifies that it
> connected to B and B verifies that it was connected from A. The
> connection should be encrypted.
>
> I assume it can be done by SSL and twisted. I tried quite a bit, but
> it's too confusing. Perhaps someone can give me a tip? (Some openssl
> commands to create the needed key/certificate files, and an echoserver
> and echoclient programs would be really great.)

I am using TLS via GNUTLS via python-gnutls :-)

  http://pypi.python.org/pypi/python-gnutls

As I understand it, TLS is the successor to SSL. Python-gnutls contains
an example echo server and client that use Twisted and TLS.

To generate the certificates I use this Makefile:

# Default number of players. To generate keys and certificates for,
# say, 5 players, simply add 'N=5' as a command line argument when you
# run the Makefile.
N = 3

PLAYERS = $(addprefix player-, $(shell seq $N))
KEYS = $(addsuffix .key, $(PLAYERS) ca)
CERTS = $(addsuffix .cert, $(PLAYERS) ca)
REQUESTS = $(addsuffix .request, $(PLAYERS) ca)
CFGS = $(addsuffix .cfg, $(PLAYERS) ca)

.PHONY: all
all: $(CERTS)

.PHONY: clean
clean:
	rm -f $(CERTS)
	rm -f $(REQUESTS)
	rm -f $(CFGS)

.PHONY: distclean
distclean: clean
	rm -f $(KEYS)

%.key:
	certtool --generate-privkey --outfile $@

player-%.cfg:
	@echo 'cn = "VIFF Player $*"' > $@
	@echo 'serial = $*' >> $@ # The player number is encoded here.
	@echo 'expiration_days = 365' >> $@
	@echo 'signing_key' >> $@
	@echo 'encryption_key' >> $@

player-%.request: player-%.cfg player-%.key
	certtool --generate-request --template player-$*.cfg \
	--load-privkey player-$*.key --outfile $@

player-%.cert: player-%.request player-%.cfg ca.cert ca.key
	certtool --generate-certificate --template player-$*.cfg \
	--load-request player-$*.request \
	--load-ca-certificate ca.cert --load-ca-privkey ca.key \
	--outfile $@

ca.cfg:
	@echo 'cn = "VIFF Certificate Authority"' > $@
	@echo 'expiration_days = 365' >> $@
	@echo 'ca' >> $@
	@echo 'cert_signing_key' >> $@

ca.cert: ca.cfg ca.key
	certtool --generate-self-signed --template ca.cfg \
	--load-privkey ca.key --outfile ca.cert

.INTERMEDIATE: ca.cfg
.PRECIOUS: %.key

I hope this helps you a bit!
--
Martin Geisler
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
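
An added example, not part of the original message and not python-gnutls code: the two-way check the question asks for, sketched with Python's standard `ssl` module instead of GnuTLS. The function names and `SAMPLE_PEER` are hypothetical; the file names and the CN/serial convention are taken from the Makefile above.

```python
import re
import ssl


def mutual_tls_context(server_side, cert=None, key=None, ca=None):
    """Context that presents our certificate and demands one from the peer.

    cert/key/ca are paths such as player-1.cert, player-1.key and ca.cert
    (names follow the Makefile); each is loaded only when given.
    """
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    # The CN is "VIFF Player N", not a DNS name, so hostname matching cannot
    # apply; the peer's identity is checked after the handshake instead.
    ctx.check_hostname = False
    # Without this, a server accepts clients that present no certificate.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cert:
        ctx.load_cert_chain(cert, key)
    if ca:
        ctx.load_verify_locations(cafile=ca)  # trust this CA and nothing else
    return ctx


def peer_player_number(peercert, expected=None):
    """Return the player number from SSLSocket.getpeercert() output.

    Chain validation only proves the CA signed the certificate. To know
    that A really reached B, compare the number with the expected peer.
    """
    if not peercert:
        raise ValueError("peer presented no verified certificate")
    subject = {k: v for rdn in peercert.get("subject", ()) for k, v in rdn}
    match = re.fullmatch(r"VIFF Player ([0-9]+)", subject.get("commonName", ""))
    serial = int(peercert.get("serialNumber", "0"), 16)  # hex string
    if match is None or int(match.group(1)) != serial:
        raise ValueError("CN and serial number do not agree")
    if expected is not None and serial != expected:
        raise ValueError("connected to player %d, expected %d" % (serial, expected))
    return serial


# Constructed sample of what getpeercert() returns for player-2.cert.
SAMPLE_PEER = {
    "subject": ((("commonName", "VIFF Player 2"),),),
    "serialNumber": "02",
}
```

Call `peer_player_number(sock.getpeercert(), expected=...)` on both ends once the handshake has completed, and drop the connection if it raises.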