[Twisted-Python] Re: How to make a secure connection between two computers

George Pauly george at ringdevelopment.com
Tue Feb 12 13:18:59 EST 2008


On Tue, 2008-02-12 at 17:27 +0100, Martin Geisler wrote:
> "Noam Raphael" <noamraph at gmail.com> writes:
> 
> > Hello,
> >
> > I want to do a pretty simple thing (I think): I have two computers A
> > and B. I want A to connect to B, where both A verifies that it
> > connected to B and B verifies that it was connected from A. The
> > connection should be encrypted.
> >
> > I assume it can be done by SSL and twisted. I tried quite a bit, but
> > it's too confusing. Perhaps someone can give me a tip? (Some openssl
> > commands to create the needed key/certificate files, and echoserver
> > and echoclient programs would be really great.)
> 
> I am using TLS via GNUTLS via python-gnutls :-)
> 
>   http://pypi.python.org/pypi/python-gnutls
> 
> As I understand it, TLS is the successor to SSL. Python-gnutls contains
> an example echo server and client that use Twisted and TLS.
> 
> To generate the certificates I use this Makefile:
> 
>   # Default number of players. To generate keys and certificates for,
>   # say, 5 players, simply add 'N=5' as a command line argument when you
>   # run the Makefile.
>   N = 3
>   
>   PLAYERS = $(addprefix player-, $(shell seq $N))
>   KEYS = $(addsuffix .key, $(PLAYERS) ca)
>   CERTS = $(addsuffix .cert, $(PLAYERS) ca)
>   REQUESTS = $(addsuffix .request, $(PLAYERS) ca)
>   CFGS = $(addsuffix .cfg, $(PLAYERS) ca)
>   
>   
>   .PHONY: all
>   all: $(CERTS)
>   
>   .PHONY: clean
>   clean:
>   	rm -f $(CERTS)
>   	rm -f $(REQUESTS)
>   	rm -f $(CFGS)
>   
>   .PHONY: distclean
>   distclean: clean
>   	rm -f $(KEYS)
>   
>   %.key:
>   	certtool --generate-privkey --outfile $@
>   
>   player-%.cfg:
>   	@echo 'cn = "VIFF Player $*"' > $@
>   	@echo 'serial = $*' >> $@ # The player number is encoded here.
>   	@echo 'expiration_days = 365' >> $@
>   	@echo 'signing_key' >> $@
>   	@echo 'encryption_key' >> $@
>   
>   player-%.request: player-%.cfg player-%.key
>   	certtool --generate-request --template player-$*.cfg \
>   	 --load-privkey player-$*.key --outfile $@
>   
>   player-%.cert: player-%.request player-%.cfg ca.cert ca.key
>   	certtool --generate-certificate --template player-$*.cfg \
>   	 --load-request player-$*.request \
>   	 --load-ca-certificate ca.cert --load-ca-privkey ca.key \
>   	 --outfile $@
>   
>   ca.cfg:
>   	@echo 'cn = "VIFF Certificate Authority"' > $@
>   	@echo 'expiration_days = 365' >> $@
>   	@echo 'ca' >> $@
>   	@echo 'cert_signing_key' >> $@
>   
>   
>   ca.cert: ca.cfg ca.key
>   	certtool --generate-self-signed --template ca.cfg \
>   	         --load-privkey ca.key --outfile ca.cert
>   
>   .INTERMEDIATE: ca.cfg
>   .PRECIOUS: %.key
> 
> 
> I hope this helps you a bit!
> 
-- 
George Pauly
Ring Development
www.ringdevelopment.com
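
Added example, not part of the thread and not python-gnutls or Twisted code: a mutually authenticated echo exchange written with Python's standard `ssl` module, using the file names and `VIFF Player N` common names that the Makefile above produces. Treating player 1 as computer A and player 2 as computer B is an assumption made for the illustration.

```python
import socket
import ssl
import threading

def make_context(server_side, ca_file, cert_file, key_file):
    """Context that presents our certificate and requires the peer's."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    # The Makefile's certificates carry a CN but no DNS names, so hostname
    # matching is off; require_peer() checks the CN after the handshake.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED        # no valid peer cert, no connection
    ctx.load_verify_locations(cafile=ca_file)  # trust only our own CA
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def peer_common_name(cert):
    """commonName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            if name == "commonName":
                return value
    return None

def require_peer(tls_sock, expected_cn):
    """The chain check proves 'signed by our CA'; this proves 'the peer we expect'."""
    cn = peer_common_name(tls_sock.getpeercert() or {})
    if cn != expected_cn:
        raise ssl.CertificateError("peer is %r, expected %r" % (cn, expected_cn))

def serve_once(listener, ctx, expected_cn):
    """B: accept one connection, authenticate A, echo one message."""
    conn, _ = listener.accept()
    with ctx.wrap_socket(conn, server_side=True) as tls:
        require_peer(tls, expected_cn)
        tls.sendall(tls.recv(1024))

def echo(addr, ctx, expected_cn, payload):
    """A: connect, authenticate B, send payload, return what comes back."""
    with socket.create_connection(addr) as raw, ctx.wrap_socket(raw) as tls:
        require_peer(tls, expected_cn)
        tls.sendall(payload)
        return tls.recv(1024)

if __name__ == "__main__":  # assumed roles: A = player 1, B = player 2 (default N = 3)
    listener = socket.create_server(("127.0.0.1", 0))
    b = make_context(True, "ca.cert", "player-2.cert", "player-2.key")
    a = make_context(False, "ca.cert", "player-1.cert", "player-1.key")
    threading.Thread(target=serve_once, args=(listener, b, "VIFF Player 1"), daemon=True).start()
    print(echo(listener.getsockname(), a, "VIFF Player 2", b"hello"))
```

Without the `require_peer()` step, any certificate signed by the same CA would be accepted, so player 3 could connect in place of player 1.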
