11
@item Certificate authentication
13
@item Anonymous authentication
15
@item @acronym{SRP} authentication
17
@item @acronym{PSK} authentication
11
@item Certificate authentication: Authenticated key exchange using public key infrastructure and certificates (X.509 or OpenPGP).
13
@item @acronym{SRP} authentication: Authenticated key exchange using a password.
15
@item @acronym{PSK} authentication: Authenticated key exchange using a pre-shared key.
17
@item Anonymous authentication: Key exchange without peer authentication.
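Review bot: the new "Anonymous authentication" item at line 17 says only "Key exchange without peer authentication", which undersells the consequence in a list that readers will use to compare the four methods. Suggest extending the item to say that, with no peer authentication, an active man-in-the-middle cannot be detected, so the method is not read as an equivalent alternative to the three authenticated key exchanges above it.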
41
41
@section Certificate authentication
43
43
@subsection Authentication using @acronym{X.509} certificates
44
@cindex @acronym{X.509} certificates
44
@cindex X.509 certificates
46
46
@acronym{X.509} certificates contain the public parameters, of a
47
47
public key algorithm, and an authority's signature, which proves the
130
130
@showfuncdesc{gnutls_certificate_set_verify_function}
132
132
Note that the DHE key exchange methods are generally
133
slower@footnote{It really depends on the group used. Primes with
133
slower@footnote{It depends on the group used. Primes with
134
134
lesser bits are always faster, but also easier to break. See @ref{Selecting cryptographic key sizes}
135
for the acceptable security levels.}
136
and require Diffie-Hellman parameters to be generated and associated with a credentials
137
structure, by the server (see @ref{Parameter generation}).
135
for the acceptable security levels.} than the elliptic curves counterpart
136
(ECDHE). Moreover the plain Diffie-Hellman key exchange
137
requires parameters to be generated and associated with a credentials
138
structure by the server (see @ref{Parameter generation}).
139
140
@float Table,tab:key-exchange
140
141
@multitable @columnfractions .2 .7
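Review bot: in the rewritten paragraph at new lines 136-138, "the plain Diffie-Hellman key exchange" is ambiguous next to "the DHE key exchange methods" in the sentence before it. The old text said the DHE methods themselves require generated parameters, and a reader can now take "plain" to mean only some other, non-DHE variant. If the requirement still applies to DHE, name it explicitly, e.g. "Moreover the DHE methods require Diffie-Hellman parameters to be generated and associated with a credentials structure by the server". Wording nits in the same paragraph: "than the elliptic curves counterpart" reads better as "than their elliptic curve counterparts", and the footnote's "Primes with lesser bits" should be "Primes with fewer bits".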
220
221
@node Authentication using SRP
221
222
@section Authentication using @acronym{SRP}
222
@cindex @acronym{SRP} authentication
223
@cindex SRP authentication
224
Authentication via the Secure Remote Password protocol,
225
@acronym{SRP} (see @xcite{RFC2945} for a description of SRP),
226
is supported. The @acronym{SRP} key exchange is an extension to the
227
@acronym{TLS} protocol, and it is a password based authentication
228
(unlike @acronym{X.509} or @acronym{OpenPGP} that use certificates).
229
The two peers can be identified using a single password, or there can
230
be combinations where the client is authenticated using @acronym{SRP}
225
@acronym{GnuTLS} supported authentication via the Secure Remote Password
226
or @acronym{SRP} protocol (see @xcite{RFC2945,TOMSRP} for a description).
227
The @acronym{SRP} key exchange is an extension to the
228
@acronym{TLS} protocol, and it provided an authenticated with a
229
password key exchange. The peers can be identified using a single password,
230
or there can be combinations where the client is authenticated using @acronym{SRP}
231
231
and the server using a certificate.
233
233
The advantage of @acronym{SRP} authentication, over other proposed
234
secure password authentication schemes, is that @acronym{SRP} does not
235
require the server to hold the user's password. This kind of
236
protection is similar to the one used traditionally in the @acronym{UNIX}
234
secure password authentication schemes, is that @acronym{SRP} is not
235
susceptible to off-line dictionary attacks.
236
Moreover, SRP does not require the server to hold the user's password.
237
This kind of protection is similar to the one used traditionally in the @acronym{UNIX}
237
238
@file{/etc/passwd} file, where the contents of this file did not cause
238
239
harm to the system security if they were revealed. The @acronym{SRP}
239
240
needs instead of the plain password something called a verifier, which
240
241
is calculated using the user's password, and if stolen cannot be used
241
to impersonate the user. Check @xcite{TOMSRP} for a detailed
242
description of the @acronym{SRP} protocol and the Stanford
243
@acronym{SRP} libraries, which includes a PAM module that synchronizes
242
to impersonate the user.
243
The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes
244
244
the system's users passwords with the @acronym{SRP} password
245
files. That way @acronym{SRP} authentication could be used for all the
245
files. That way @acronym{SRP} authentication could be used for all users
248
The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP} and
249
the supported @acronym{SRP} key exchange methods are:
248
The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP}. The
249
supported key exchange methods are shown below.
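Review bot: the new opening at lines 225-229 slips into the past tense and one clause does not parse: "@acronym{GnuTLS} supported authentication" reads as if support had been removed, and "it provided an authenticated with a password key exchange" is garbled. Suggest "@acronym{GnuTLS} supports authentication via the Secure Remote Password (@acronym{SRP}) protocol" and "it provides a password-authenticated key exchange". The sentence added at lines 234-235, "is not susceptible to off-line dictionary attacks", should be scoped to an attacker who observes or takes part in the handshake. The same paragraph goes on to discuss a stolen verifier, and because the verifier is calculated from the password, candidate passwords can still be tested against it off-line; stating that keeps readers from treating the verifier file as harmless to disclose. Smaller points: drop the comma in "libraries, include" at line 243, and consider keeping "SRP" in "supported key exchange methods" at line 249 so the sentence stands on its own.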
364
364
@showfuncC{gnutls_psk_set_server_credentials_function,gnutls_psk_set_server_credentials_hint,gnutls_psk_client_get_hint}
366
Helper functions are included in @acronym{GnuTLS}, and may be used to generate and
367
maintain @acronym{PSK} keys.
369
@showfuncdesc{gnutls_hex_encode}
371
@showfuncdesc{gnutls_hex_decode}
366
Helper functions to generate and maintain @acronym{PSK} keys are also included
369
@showfuncC{gnutls_key_generate,gnutls_hex_encode,gnutls_hex_decode}
374
372
@node Authentication and credentials
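Review bot: line 369 adds gnutls_key_generate to the helper list, but the sentence at line 366 gives no guidance on how large a generated @acronym{PSK} key should be. Suggest a pointer such as "see @ref{Selecting cryptographic key sizes}", as the DHE footnote already does. The new sentence also drops the old "are included in @acronym{GnuTLS}" wording; if it really ends at "are also included", as in the lines shown, it needs the rest of the clause and a period. Finally, gnutls_hex_encode and gnutls_hex_decode move from @showfuncdesc to @showfuncC here, so please confirm their descriptions are still rendered somewhere in the manual.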