[Twisted-Python] Re: How to make a secure connection between two computers

Martin Geisler mg at daimi.au.dk
Tue Feb 12 11:27:22 EST 2008


"Noam Raphael" <noamraph at gmail.com> writes:

> Hello,
>
> I want to do a pretty simple thing (I think): I have two computers A
> and B. I want A to connect to B, where both A verifies that it
> connected to B and B verifies that it was connected from A. The
> connection should be encrypted.
>
> I assume it can be done by SSL and twisted. I tried quite a bit, but
> it's too confusing. Perhaps someone can give me a tip? (Some openssl
> commands to create the needed key/certificate files, and an echoserver
> and echoclient programs would be really great.)

I am using TLS via GNUTLS via python-gnutls :-)

  http://pypi.python.org/pypi/python-gnutls

As I understand it, TLS is the successor to SSL. Python-gnutls contains
an example echo server and client that use Twisted and TLS.

To generate the certificates I use this Makefile:

  # Default number of players. To generate keys and certificates for,
  # say, 5 players, simply add 'N=5' as a command line argument when you
  # run the Makefile.
  N = 3
  
  PLAYERS = $(addprefix player-, $(shell seq $N))
  KEYS = $(addsuffix .key, $(PLAYERS) ca)
  CERTS = $(addsuffix .cert, $(PLAYERS) ca)
  REQUESTS = $(addsuffix .request, $(PLAYERS) ca)
  CFGS = $(addsuffix .cfg, $(PLAYERS) ca)
  
  
  .PHONY: all
  all: $(CERTS)
  
  .PHONY: clean
  clean:
  	rm -f $(CERTS)
  	rm -f $(REQUESTS)
  	rm -f $(CFGS)
  
  .PHONY: distclean
  distclean: clean
  	rm -f $(KEYS)
  
  %.key:
  	certtool --generate-privkey --outfile $@
  
  player-%.cfg:
  	@echo 'cn = "VIFF Player $*"' > $@
  	@echo 'serial = $*' >> $@ # The player number is encoded here.
  	@echo 'expiration_days = 365' >> $@
  	@echo 'signing_key' >> $@
  	@echo 'encryption_key' >> $@
  
  player-%.request: player-%.cfg player-%.key
  	certtool --generate-request --template player-$*.cfg \
  	 --load-privkey player-$*.key --outfile $@
  
  player-%.cert: player-%.request player-%.cfg ca.cert ca.key
  	certtool --generate-certificate --template player-$*.cfg \
  	 --load-request player-$*.request \
  	 --load-ca-certificate ca.cert --load-ca-privkey ca.key \
  	 --outfile $@
  
  ca.cfg:
  	@echo 'cn = "VIFF Certificate Authority"' > $@
  	@echo 'expiration_days = 365' >> $@
  	@echo 'ca' >> $@
  	@echo 'cert_signing_key' >> $@
  
  
  ca.cert: ca.cfg ca.key
  	certtool --generate-self-signed --template ca.cfg \
  	         --load-privkey ca.key --outfile ca.cert
  
  .INTERMEDIATE: ca.cfg
  .PRECIOUS: %.key


I hope this helps you a bit!


-- 
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
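
Added example, not part of the original post and not code from python-gnutls or VIFF: a mutual-authentication check in which each side requires a CA-signed certificate and then confirms which peer it belongs to. It swaps in Python's standard `ssl` module and the `openssl` command line (which must be installed) for python-gnutls and certtool. The `player-N` common names, the "Example CA" name and all function names are assumptions made for this sketch.

```python
import socket, ssl, subprocess, threading

def openssl(d, *args):
    subprocess.run(("openssl",) + args, cwd=d, check=True, capture_output=True)

def make_pki(d, players=3):
    """Constructed test PKI: ca.* plus player-N.* with serial N, as in the Makefile."""
    openssl(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", "/CN=Example CA", "-keyout", "ca.key", "-out", "ca.cert")
    for n in range(1, players + 1):
        p = f"player-{n}"
        openssl(d, "req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={p}",
                "-keyout", f"{p}.key", "-out", f"{p}.request")
        openssl(d, "x509", "-req", "-in", f"{p}.request", "-CA", "ca.cert",
                "-CAkey", "ca.key", "-set_serial", str(n), "-days", "1",
                "-out", f"{p}.cert")

def context(d, server, player=None):
    """Either role demands a peer certificate that chains to ca.cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # peers are named by CN, compared in run()
    ctx.verify_mode = ssl.CERT_REQUIRED  # a server does not ask for one by default
    ctx.load_verify_locations(f"{d}/ca.cert")
    if player:
        ctx.load_cert_chain(f"{d}/{player}.cert", f"{d}/{player}.key")
    return ctx

def run(ctx, raw, server, expect, out):
    """Handshake, then accept the peer only if its verified CN equals `expect`."""
    try:
        with ctx.wrap_socket(raw, server_side=server) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            if subject.get("commonName") != expect:
                raise ssl.CertificateError("valid certificate, but for another peer")
            tls.sendall(b"k")
            tls.recv(1)                  # TLS 1.3 reports a rejected client here
            out[server] = expect
    except OSError:                      # ssl.SSLError is a subclass of OSError
        out[server] = None

def connect(d, client_player, server_expects):
    """player-1 serves; returns the peer that (server, client) each accepted."""
    a, b = socket.socketpair()
    out = {}
    args = (context(d, True, "player-1"), a, True, server_expects, out)
    t = threading.Thread(target=run, args=args)
    t.start()
    run(context(d, False, client_player), b, False, "player-1", out)
    t.join()
    return out[True], out[False]
```

Call `make_pki()` on an empty directory first; `connect()` returns `None` for a side that rejected its peer, whether the certificate was missing or was issued to a different player.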