[collectd] Authentication/Encryption for the network plugin.

Florian Forster octo at verplant.org
Mon Apr 13 09:37:18 CEST 2009


Hi Bruno,

On Sun, Apr 12, 2009 at 09:19:38PM +0200, Bruno Prémont wrote:
> To retain the possibility of multiple signatures in a single packet one
> could do something like this:
> 
> - part
> - part T=sig_start, D=id+hash
> - part (covered by signature)
> - ...
> - part T=sig_end, D=id

that would be pretty hard to parse, because to calculate the hash (in
order to verify the received one) we would have to search for “sig_end”
first. But we could get there by including the length of the signed data
in the packet, i.e. using something like:
 +-+-+-+------+
 !T!L!l! Hash !
 +-+-+-+------+
 L == length of signature == 38
 l == length of signed data. The hash is then computed using
        expected_hash = hmac (secret, buffer + 38, l)

Regards,
-octo
-- 
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
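
An added example, not part of the original mail and not collectd's own code: a Python parser for the length-prefixed signature part proposed above, verifying `hmac (secret, buffer + 38, l)` while walking a packet that may hold several signatures. Assumptions: T, L and l are 16-bit big-endian fields and the hash is HMAC-SHA-256 (2 + 2 + 2 + 32 = 38 bytes); the type code `0x0200` and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

SIG_TYPE = 0x0200  # assumed type code for the signature part
SIG_LEN = 38       # L from the mail: T(2) + L(2) + l(2) + hash(32), widths assumed


def sign(secret, signed_parts):
    """Build a signature part followed by the parts it covers."""
    digest = hmac.new(secret, signed_parts, hashlib.sha256).digest()
    head = struct.pack("!HHH", SIG_TYPE, SIG_LEN, len(signed_parts))
    return head + digest + signed_parts


def part(ptype, payload):
    """Ordinary part: 16-bit type, 16-bit total length, payload."""
    return struct.pack("!HH", ptype, 4 + len(payload)) + payload


def verified_ranges(buf, secret):
    """Return (start, end) offsets covered by valid signatures; raise ValueError otherwise."""
    ranges, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated part header")
        ptype, plen = struct.unpack_from("!HH", buf, off)
        if plen < 4 or off + plen > len(buf):
            raise ValueError("bad part length")
        if ptype == SIG_TYPE:
            if plen != SIG_LEN:
                raise ValueError("signature part must be 38 bytes")
            (signed_len,) = struct.unpack_from("!H", buf, off + 4)
            start = off + SIG_LEN          # buffer + 38
            end = start + signed_len       # l bytes of signed data
            if end > len(buf):             # l is attacker-controlled: bound it first
                raise ValueError("signed length runs past packet")
            expected = hmac.new(secret, buf[start:end], hashlib.sha256).digest()
            # constant-time comparison against the received hash
            if not hmac.compare_digest(expected, buf[off + 6:off + SIG_LEN]):
                raise ValueError("hash mismatch")
            ranges.append((start, end))
        off += plen  # the covered parts are then parsed like any others
    return ranges
```

Parts outside every returned range arrived unauthenticated, so a receiver that requires signing has to discard them rather than trust the packet as a whole.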