Version 2 - History - Ndncert - NFD - NDN project issue tracking system

Ndncert » History » Version 2

Alex Afanasyev, 07/23/2014 01:46 PM

-Alex Afanasyev
+NDN Certification Framework (ndncert)
 =======
 ## Prerequisites:
 - ndn-cxx, NFD
-Alex Afanasyev
+        sudo apt-get install ndn-cxx ndn-cxx-dev nfd
 Alex Afanasyev
 - repo-ng with proper config
     Repo will hold/serve issued certificates for the site:
-Alex Afanasyev
+        sudo apt-get install repo-ng
 Alex Afanasyev
     Make sure that repo's config (`/etc/ndn/repo-ng.conf`) looks like the following (only repo.data needs to be changed, the rest should be the same).
         repo
+        {
           data
+          {
             prefix "ndn:/ndn/edu/ucla/KEY"
             ; prefix "ndn:/ndn/<site-name>/KEY"
+          }
           command
+          {
             prefix "ndn:/localhost/repo-ng"
+          }
           storage
+          {
             method "sqlite"             ; Currently, only sqlite storage engine is supported
             path "/var/lib/ndn/repo-ng"  ; path to repo-ng storage folder
+          }
           tcp_bulk_insert {
             host "localhost"  ; Set to listen on different IP address or hostname
             port 7376  ; Set to listen on different port number
+          }
           validator
+          {
             trust-anchor {
                 type any
+            }
+          }
+        }
     Restart repo-ng after making changes to config file (or the system)
         sudo restart repo-ng
 - Installed custom fork of PyNDN2 (! using python 2.7)
         git clone https://github.com/cawka/PyNDN2
         cd PyNDN2
         sudo python setup.py install
 - ndnop-process-requests script installed somewhere in security operator's PATH
         sudo curl -L https://raw.githubusercontent.com/named-data/ndncert/master/ndnop-process-requests > /usr/local/bin/ndnop-process-requests
         sudo chmod +x /usr/local/bin/ndnop-process-requests
 ## Certificate generation
 "Ideally", the procedure has to be done by the designated security operator himself.
 Performing this procedure on testbed hub is just a "convenience" for the time being and at all signing "ideally" should be performed elsewhere.
 NOTE: The following commands must be performed under a designated `ndncert` user.
 If ssh logic is different, `sudo su - ndncert` must be used to switch to the account (! not just `sudo ndncert`).
 . Generate key pair and certification request:
         ndnsec-keygen /ndn/edu/<name>
     `<name>` is sometime like: wustl, colostate, umich, ...
     The output of this command is certification request.  If signing request needs to be recreated for the existing identity (one from the `ndnsec-ls-identity` list), the following command can be used:
         ndnsec-sign-req /ndn/edu/<name>
     Singing request should be sent to NDN trust root (Alex Afanasyev right now).
 . Root operator will return signed certificate (e.g., `umich.ndncert`).  Do the following with the file:
         ndnsec-install-cert <received-file>
 ## Security operator actions
 When a user requests a certificate the operator gets an email alerting them and instructing them to run `ndnop-process-requests` on their node.
 Operator just need to ssh to the node, `sudo su - ndncert`, and issue
     ndnop-process-requests
 If there are pending requests, the script will guide the process to accept/reject.
 When accepted, the certificate will be created, published to local repo (using `tcp-bulk-insert` protocol---make sure that `repo-ng` is running before `ndnop-process-requests` is run), and uploaded to WEB system for the user to download it.

Project

General

Profile

NFD

Ndncert » History » Version 2