
Module Rpc_key_service


module Rpc_key_service: sig .. end
Contact the keyserv daemon to encrypt/decrypt data with the common key.

If the keyserv crashes, the current call will raise an exception (e.g. broken pipe), but the next call will try to reconnect.

This module works fully synchronously, i.e. every call blocks until the keyserv responds. This is normally not a problem, because the keyserv daemon runs on the same system, so no network latency can occur.


exception Netname_unknown
The netname is invalid
exception No_secret_key
The user does not have a secret key for the netname
exception Key_service_problem of exn
All exceptions (except the exceptions defined above) are wrapped into Key_service_problem.
type t 
represents a client of the keyserv daemon
type connector = [ `Direct of Rpc_client.connector * Rpc.protocol | `Keyenvoy of string ] 
How to connect to keyserv:
  • `Direct(c,p): Create a direct RPC connection to the keyserv program listening at c using protocol p. This usually only works if c is a local transport such as a Unix domain socket.
  • `Keyenvoy path: Call the keyenvoy program installed at path

val create : ?connector:connector -> unit -> t
Connects to the keyserv daemon. By default (no connector), the local keyserv daemon is contacted in an OS-specific way.
val generate : t -> string
Generates a new conversation key (a 64-bit random number)
val encrypt : t -> string -> string -> string
This function is used if this program is a client and wants to contact a server. The first passed string is the netname of the server. The keyserv daemon automatically determines the netname of this process (the client). The daemon looks up the public key of the server and the secret key of the client, and computes the common key using the Diffie-Hellman scheme. The second passed string (exactly 8 characters) is DES-encrypted with the common key in ECB mode, and the result (again 8 characters) is returned.
val decrypt : t -> string -> string -> string
This function is used if this program is a server and wants to check the identity of a contacting client. The first passed string is the netname of the client. The keyserv daemon automatically determines the netname of this process (the server). The daemon looks up the public key of the client and the secret key of the server, and computes the common key using the Diffie-Hellman scheme. The second passed string (exactly 8 characters) is DES-decrypted with the common key in ECB mode, and the result (again 8 characters) is returned.

Example

  • The client is: "unix.100@domain"
  • The server is: "unix.mercury@domain" (* i.e. root@mercury *)
The client encrypts with
 let enc_data = encrypt ks "unix.mercury@domain" data  (* ks : t, obtained from create () *)
This works because the keyserv daemon knows from the OS that the current process is run by "unix.100
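Both sides of the exchange described above, written out as an added example (not Ocamlnet's own code): it assumes a reachable keyserv daemon via the default connector, that the client role runs as "unix.100@domain" and the server role as root on host mercury in separate processes, and the helper names hex_of_bytes, bytes_of_hex, client_seal_conversation_key and server_open_conversation_key are hypothetical.

```ocaml
(* Added example, not Ocamlnet's own code. Assumes a reachable keyserv daemon
   (default connector) and two separate processes: the client running as
   "unix.100@domain" and the server as root on host mercury (both constructed). *)
let server_netname = "unix.mercury@domain"

let hex_of_bytes s =
  String.concat "" (List.init (String.length s)
                      (fun i -> Printf.sprintf "%02x" (Char.code s.[i])))
let bytes_of_hex h =
  String.init (String.length h / 2)
    (fun i -> Char.chr (int_of_string ("0x" ^ String.sub h (2 * i) 2)))

(* Client: mint a conversation key and seal it for the server. keyserv takes the
   sender identity from the calling process, so the server learns who sent
   [sealed] without trusting any name carried inside the message. *)
let client_seal_conversation_key () =
  let ks = Rpc_key_service.create () in
  let conv_key = Rpc_key_service.generate ks in
  assert (String.length conv_key = 8);   (* 64-bit key = one DES block *)
  let sealed = Rpc_key_service.encrypt ks server_netname conv_key in
  Rpc_key_service.shut_down ks;
  (conv_key, sealed)                      (* only [sealed] leaves the process *)

(* Server: recover the key from a message claimed to come from [claimed_client].
   Only the DH common key of (this server, claimed client) opens it, so a wrong
   claim yields garbage, not a usable key. keyserv failures become Error. *)
let server_open_conversation_key ~claimed_client sealed =
  if String.length sealed <> 8 then Error "sealed key must be exactly 8 bytes"
  else begin
    let ks = Rpc_key_service.create () in
    let r =
      try Ok (Rpc_key_service.decrypt ks claimed_client sealed) with
      | Rpc_key_service.Netname_unknown -> Error "unknown netname"
      | Rpc_key_service.No_secret_key -> Error "no secret key for this process"
      | Rpc_key_service.Key_service_problem e -> Error (Printexc.to_string e)
    in
    Rpc_key_service.shut_down ks;
    r
  end

let () =
  match Array.to_list Sys.argv with
  | [ _; "client" ] ->
      let _conv_key, sealed = client_seal_conversation_key () in
      Printf.printf "send to server: %s\n" (hex_of_bytes sealed)
  | [ _; "server"; claimed_client; sealed_hex ] ->
      (match server_open_conversation_key ~claimed_client (bytes_of_hex sealed_hex) with
       | Ok k -> Printf.printf "conversation key: %s\n" (hex_of_bytes k)
       | Error msg -> prerr_endline ("refused: " ^ msg))
  | _ -> prerr_endline "usage: client | server <client-netname> <sealed-hex>"
```

Run the client role in the client process and pass the printed hex to the server role in the server process; the recovered key matches only when the claimed client netname is the one keyserv attached to the sealing process.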
val net_get : t -> string * string * string
val shut_down : t -> unit
This web site is published by Informatikbüro Gerd Stolpmann