-
Notifications
You must be signed in to change notification settings - Fork 2
Home
This library provides a public key infrastructure (PKI). It is based on ASAP, a routing protocol specialized decentralized networks, especially ad-hoc networks.
The concept is very close to PGP but easier to integrate into a ASAP environment. The library allows
- creating RSA keys
- create certificates
- exchange certificate in a pure decentralized system
- calculate a probability of correctness of a certificate
The very core of each certificate is a public key of a user, lets say A(lice). A public key can be used by others to a) encrypt data to be sent to the user and b) to verify a digital signature.
A PKI is as save as the relation between a real person and its public available key can be guaranteed.
Attackers try to impersonate others. An attacker, lets call him Mallory, would another person (e.g. Bob) that he is actually Alice. Each good PKI should give Bob to verify issuers claim. That's not an issue of computer science - it is about real world.
Receivers of a public key must ensure that this key belongs to the person (technical term: subject). Mallory will always try to trick others. He is to blame. But receives are even more to blame if they neglect to perform a reasonable checking. Bob should look at Mallory, ask for an ID or something like that and realize that he is not Alice.
Receivers can create a certificate if they are convinced of subjects' identity. Alice met Bob for instance. Bob is convinced that he really met Alice. He would take the public key, add the name Alice (and a view other parameters) and sign it. Bob becomes issuer of a certificate.
A certificate is a proclamation of the issuer: I, the issuer (e.g. Bob), herewith proclaim, that this public key belongs to the subject (e.g. Alice)_. I sign it.