# $OpenBSD: README,v 1.7 1999/11/03 19:52:21 angelos Exp $
This is release 2.2 of the KeyNote trust management library reference
implementation (in case you are wondering, there was never an official 1.0
release).
For details on the KeyNote spec, read RFC 2704, included in this distribution
(in the doc/ directory).
To build the distribution, just type "./configure" and then "make" or
"make crypt". To test the distribution, type "make test". The query should
evaluate to "true" (look at the last line of output). To build without
crypto support, use "make nocrypto" instead (you still need to run
"configure"). If you have built crypto support, "make test-sig" will run
some more tests on the cryptographic algorithms.
Compile tips:
- You need the SSLeay/OpenSSL library if you compile with crypto
  (default), version 0.8.1b or later. You can find it in various
  crypto software repositories, or at:
      ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
  OpenSSL can be found at:
      http://www.openssl.org/
The Makefile creates the libkeynote.a library and the keynote program.
*** Notice that the 4 programs of previous releases have been folded into one
There is a man page for the library calls (keynote.3) and one for the command
line tool (keynote.1), in the man/ directory. There is also a man page
about KeyNote itself (keynote.4) and one about assertion syntax
(keynote.5) which contain some text from the spec.
To view them, use:
    nroff -mandoc keynote.1 | more
    nroff -mandoc keynote.3 | more
    nroff -mandoc keynote.4 | more
    nroff -mandoc keynote.5 | more
Alternatively, you can just install them in your manpath. If your
nroff does not support the -mandoc flag, use -man instead. For those
systems that do not have nroff, text versions of the man pages are
provided as well (the files with .cat? suffixes in the same directory).
The "keynote verify" function can be used to verify a request, given a
set of assertions and an environment file. The directory testsuite/
has some example assertions. The "keynote keygen" function can
be used to generate keys. The "keynote sign" and "keynote sigver" functions
can be used to sign assertions and to verify signed assertions, respectively.
The file base64.c was taken from the OpenBSD libc and was slightly
modified.
Read the TODO file to see what's missing (and eventually coming).
When in doubt on how to use a library call (despite the man pages),
consult the implementation of the various utilities.
For any questions, comments, bug reports, praise, or anything else,
contact us at keynote@research.att.com
There is also a users mailing list at keynote-users@nsa.research.att.com
To subscribe, send a message to majordomo@nsa.research.att.com with the word
"subscribe keynote-users" (without the quotes) in the message body.
Finally, there is a web page for KeyNote at
http://www.cis.upenn.edu/~keynote
Angelos D. Keromytis