[Help-gnutls] Signing multicast traffic with gnutls API ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Oct 30 18:56:55 CET 2008


Nikos Mavrogiannopoulos wrote:

>> The easiest sollution seems to sign a hash value of every package
with a
>> asymmetric public key and check this signature at the
>> receiver/retransmitter.
> Actually you cannot use TLS as a protocol since you don't have peer to
> peer communication to perform a handshake. You could use
> gnutls_x509_privkey_sign_data() and verify_data().

However you must know that replay/reordering attacks and maybe others
are possible, so care must be taken to avoid those if they apply. It
might be better to check if there is already a protocol for signing
broadcasted data, and follow that.

regards,
Nikos






More information about the Gnutls-help mailing list