[collectd] Authentication/Encryption for the network plugin.
Florian Forster
octo at verplant.org
Mon Apr 13 09:37:18 CEST 2009
Hi Bruno,
On Sun, Apr 12, 2009 at 09:19:38PM +0200, Bruno Prémont wrote:
> To retain the possibility of multiple signatures in a single packet one
> could do something like this:
>
> - part
> - part T=sig_start, D=id+hash
> - part (covered by signature)
> - ...
> - part T=sig_end, D=id
that would be pretty hard to parse, because to calculate the hash (in
order to verify the received one) we would have to search for “sig_end”
first. But we could get there by including the length of the signed data
in the packet, i. e. using something like:
+-+-+-+------+
!T!L!l! Hash !
+-+-+-+------+
L == length of signature == 38
l == length of signed data. The hash is then computed using
expected_hash = hmac (secret, buffer + 38, l)
Regards,
-octo
--
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20090413/03b5a89c/attachment.pgp
More information about the collectd
mailing list