[Twisted-Python] Re: How to make a secure connection between two computers

Martin Geisler mg at daimi.au.dk
Tue Feb 12 11:27:22 EST 2008

"Noam Raphael" <noamraph at gmail.com> writes:

> Hello,
> I want to do a pretty simple thing (I think): I have two computers A
> and B. I want A to connect to B, where both A verifies that it
> connected to B and B verifies that it was connected from A. The
> connection should be encrypted.
> I assume it can be done by SSL and twisted. I tried quite a bit, but
> it's too confusing. Perhaps someone can give me a tip? (Some openssl
> commands to create the needed key/certificate files, and an echoserver
> and echoclient programs would be really great.)

I am using TLS via GNUTLS via python-gnutls :-)


As I understand it, TLS is the successor to SSL. Python-gnutls contains
an example echo server and client that use Twisted and TLS.

To generate the certificates I use this Makefile:

  # Default number of players. To generate keys and certificates for,
  # say, 5 players, simply add 'N=5' as a command line argument when you
  # run the Makefile.
  N = 3

  PLAYERS = $(addprefix player-, $(shell seq $N))
  KEYS = $(addsuffix .key, $(PLAYERS) ca)
  CERTS = $(addsuffix .cert, $(PLAYERS) ca)
  REQUESTS = $(addsuffix .request, $(PLAYERS) ca)
  CFGS = $(addsuffix .cfg, $(PLAYERS) ca)

  .PHONY: all
  all: $(CERTS)

  # Remove everything that can be regenerated from the private keys.
  .PHONY: clean
  clean:
  	rm -f $(CERTS)
  	rm -f $(REQUESTS)
  	rm -f $(CFGS)

  # Also remove the private keys.
  .PHONY: distclean
  distclean: clean
  	rm -f $(KEYS)

  # Private key for a player or for the CA.
  %.key:
  	certtool --generate-privkey --outfile $@

  # certtool template for a player certificate.
  player-%.cfg:
  	@echo 'cn = "VIFF Player $*"' > $@
  	@echo 'serial = $*' >> $@ # The player number is encoded here.
  	@echo 'expiration_days = 365' >> $@
  	@echo 'signing_key' >> $@
  	@echo 'encryption_key' >> $@

  player-%.request: player-%.cfg player-%.key
  	certtool --generate-request --template player-$*.cfg \
  	 --load-privkey player-$*.key --outfile $@

  # Player certificate, signed by the CA.
  player-%.cert: player-%.request player-%.cfg ca.cert ca.key
  	certtool --generate-certificate --template player-$*.cfg \
  	 --load-request player-$*.request \
  	 --load-ca-certificate ca.cert --load-ca-privkey ca.key \
  	 --outfile $@

  # certtool template for the self-signed CA certificate.
  ca.cfg:
  	@echo 'cn = "VIFF Certificate Authority"' > $@
  	@echo 'expiration_days = 365' >> $@
  	@echo 'ca' >> $@
  	@echo 'cert_signing_key' >> $@

  ca.cert: ca.cfg ca.key
  	certtool --generate-self-signed --template ca.cfg \
  	         --load-privkey ca.key --outfile ca.cert

  # Never delete private keys as intermediate files.
  .PRECIOUS: %.key

I hope this helps you a bit!

Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
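
Added example, not part of the message above and not code from python-gnutls or VIFF: a sketch of the mutual authentication asked about, using Python's standard `ssl` module instead of python-gnutls, with the files the Makefile produces (`ca.cert`, `player-N.cert`, `player-N.key`). The function names and the sample certificate dict are assumptions made for illustration.

```python
import ssl


def mutual_tls_context(server_side, ca_file=None, cert_file=None, key_file=None):
    """Context that accepts only peers holding a certificate signed by ca_file."""
    if server_side:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        # Servers do not ask for a client certificate by default; requiring
        # one is what makes the authentication mutual.
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED already
        # The Makefile's certificates carry 'VIFF Player N' as CN, not a host
        # name, so the peer is identified with player_id() below instead.
        ctx.check_hostname = False
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:  # e.g. "ca.cert"; trust only this CA, never the system store
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:  # e.g. "player-1.cert" and "player-1.key"
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def player_id(peercert):
    """Player number from the dict returned by SSLSocket.getpeercert()."""
    if not peercert:
        raise ValueError("peer presented no verified certificate")
    names = [value for rdn in peercert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    serial = int(peercert["serialNumber"], 16)  # getpeercert() reports hex
    # The Makefile writes the player number into both the serial and the CN;
    # reject a certificate where the two disagree.
    if names != ["VIFF Player %d" % serial]:
        raise ValueError("CN %r does not match serial %d" % (names, serial))
    return serial


# Constructed sample, shaped like getpeercert() output for player-2.cert.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "VIFF Player 2"),),),
    "issuer": ((("commonName", "VIFF Certificate Authority"),),),
    "serialNumber": "02",
}

if __name__ == "__main__":
    print("authenticated peer is player", player_id(SAMPLE_PEERCERT))
```

After the handshake, each side calls `player_id(sock.getpeercert())` and compares the result with the player it expected to reach; a valid CA signature alone only proves the peer is some player.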