[Twisted-Python] Re: How to make a secure connection between two computers
George Pauly
george at ringdevelopment.com
Tue Feb 12 11:18:59 MST 2008
On Tue, 2008-02-12 at 17:27 +0100, Martin Geisler wrote:
> "Noam Raphael" <noamraph at gmail.com> writes:
>
> > Hello,
> >
> > I want to do a pretty simple thing (I think): I have two computers A
> > and B. I want A to connect to B, where both A verifies that it
> > connected to B and B verifies that it was connected from A. The
> > connection should be encrypted.
> >
> > I assume it can be done by SSL and twisted. I tried quite a bit, but
> > it's too confusing. Perhaps someone can give me a tip? (Some openssl
> > commands to create the needed key/certificate files, and an echoserver
> > and echoclient programs would be really great.)
>
> I am using TLS via GNUTLS via python-gnutls :-)
>
> http://pypi.python.org/pypi/python-gnutls
>
> As I understand it, TLS is the successor to SSL. Python-gnutls contains
> an example echo server and client that use Twisted and TLS.
>
> To generate the certificates I use this Makefile:
>
> # Default number of players. To generate keys and certificates for,
> # say, 5 players, simply add 'N=5' as a command line argument when you
> # run the Makefile.
> N = 3
>
> PLAYERS = $(addprefix player-, $(shell seq $N))
> KEYS = $(addsuffix .key, $(PLAYERS) ca)
> CERTS = $(addsuffix .cert, $(PLAYERS) ca)
> REQUESTS = $(addsuffix .request, $(PLAYERS) ca)
> CFGS = $(addsuffix .cfg, $(PLAYERS) ca)
>
>
> .PHONY: all
> all: $(CERTS)
>
> .PHONY: clean
> clean:
> 	rm -f $(CERTS)
> 	rm -f $(REQUESTS)
> 	rm -f $(CFGS)
>
> .PHONY: distclean
> distclean: clean
> 	rm -f $(KEYS)
>
> %.key:
> 	certtool --generate-privkey --outfile $@
>
> player-%.cfg:
> 	@echo 'cn = "VIFF Player $*"' > $@
> 	@echo 'serial = $*' >> $@ # The player number is encoded here.
> 	@echo 'expiration_days = 365' >> $@
> 	@echo 'signing_key' >> $@
> 	@echo 'encryption_key' >> $@
>
> player-%.request: player-%.cfg player-%.key
> 	certtool --generate-request --template player-$*.cfg \
> 	    --load-privkey player-$*.key --outfile $@
>
> player-%.cert: player-%.request player-%.cfg ca.cert ca.key
> 	certtool --generate-certificate --template player-$*.cfg \
> 	    --load-request player-$*.request \
> 	    --load-ca-certificate ca.cert --load-ca-privkey ca.key \
> 	    --outfile $@
>
> ca.cfg:
> 	@echo 'cn = "VIFF Certificate Authority"' > $@
> 	@echo 'expiration_days = 365' >> $@
> 	@echo 'ca' >> $@
> 	@echo 'cert_signing_key' >> $@
>
>
> ca.cert: ca.cfg ca.key
> 	certtool --generate-self-signed --template ca.cfg \
> 	    --load-privkey ca.key --outfile ca.cert
>
> .INTERMEDIATE: ca.cfg
> .PRECIOUS: %.key
>
>
> I hope this helps you a bit!
>
>
--
George Pauly
Ring Development
www.ringdevelopment.com
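
Added example, not part of the original thread: one way to use the certificates from the quoted Makefile so that A and B each verify the other. It uses Python's standard ssl module rather than python-gnutls or Twisted, and the function names are hypothetical. It assumes the certificates carry the CN and serial that the Makefile's player-%.cfg template sets.

```python
import re
import ssl

CN_PATTERN = re.compile(r"VIFF Player (\d+)")  # cn written by player-%.cfg


def mutual_tls_context(server_side, ca_file, cert_file, key_file):
    """Build a context that presents our certificate and demands the peer's."""
    protocol = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(protocol)
    # The templates put no host names in the certificates, so hostname
    # matching is replaced by the CN/serial check in peer_player() below.
    ctx.check_hostname = False
    # Servers default to CERT_NONE; without this B never authenticates A.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)  # trust only our own CA (ca.cert)
    ctx.load_cert_chain(cert_file, key_file)   # e.g. player-1.cert, player-1.key
    return ctx


def peer_player(cert):
    """Return the player number from a getpeercert() dict, or raise ValueError."""
    if not cert:
        raise ValueError("peer presented no verified certificate")
    names = [value for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    match = CN_PATTERN.fullmatch(names[0]) if len(names) == 1 else None
    if match is None:
        raise ValueError("unexpected subject: %r" % (names,))
    player = int(match.group(1))
    serial = cert.get("serialNumber")  # reported as a hex string
    if serial is None or int(serial, 16) != player:
        raise ValueError("serial does not match CN")
    return player


def require_player(tls_socket, expected):
    """Call on either side after the handshake to pin the peer's identity."""
    player = peer_player(tls_socket.getpeercert())
    if player != expected:
        raise ValueError("peer is player %d, expected %d" % (player, expected))
    return player
```

Chain validation alone only proves the peer holds some certificate signed by ca.cert; require_player() is what ties the connection to one specific player.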