
4.2 OpenPGP Authentication Guile Example

GnuTLS allows users to authenticate using OpenPGP certificates. Using OpenPGP-based authentication is not more complicated than using anonymous authentication. It requires a bit of extra work, though, to import the OpenPGP public and private key of the client/server. Key import is omitted here and is left as an exercise to the reader (see Importing OpenPGP Keys Guile Example).

Assuming some-socket is bound to an open socket port and pub and sec are bound to the client’s OpenPGP public and secret key, respectively, client-side code would look like this:

;; Client-side.

(define %certs (list certificate-type/openpgp))

(let ((client (make-session connection-end/client))
      (cred   (make-certificate-credentials)))
  (set-session-default-priority! client)

  ;; Choose OpenPGP certificates.
  (set-session-certificate-type-priority! client %certs)

  ;; Prepare appropriate client credentials.
  (set-certificate-credentials-openpgp-keys! cred pub sec)
  (set-session-credentials! client cred)

  ;; Specify the underlying transport socket.
  (set-session-transport-fd! client (fileno some-socket))

  (handshake client)
  (write "hello, world!" (session-record-port client))
  (bye client close-request/rdwr))

Similarly, server-side code would be along these lines:

;; Server-side.

(define %certs (list certificate-type/openpgp))

(let ((server (make-session connection-end/server))
      ;; Generate 1024-bit Diffie-Hellman parameters.  Note that 2048 bits
      ;; or more is the current minimum recommendation for DH groups.
      (dh     (make-dh-parameters 1024)))
  (set-session-default-priority! server)

  ;; Choose OpenPGP certificates.
  (set-session-certificate-type-priority! server %certs)

  (let ((cred (make-certificate-credentials)))
    ;; Prepare credentials with Diffie-Hellman parameters.
    (set-certificate-credentials-dh-parameters! cred dh)
    (set-certificate-credentials-openpgp-keys! cred pub sec)
    (set-session-credentials! server cred))

  (set-session-transport-fd! server (fileno some-socket))

  (handshake server)
  (let ((msg (read (session-record-port server))))
    (format #t "received: ~a~%" msg)

    (bye server close-request/rdwr)))
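Neither snippet above verifies the peer: the client completes the handshake with whatever key the server presents, and the server never asks the client for a key. The following added example (not part of the manual and not GnuTLS project code) shows one way to close both gaps: a post-handshake check that pins the peer's OpenPGP fingerprint, and a server-side request that makes a client key mandatory. It assumes the bindings' session-certificate-type, peer-certificate-status, session-peer-certificate-chain, import-openpgp-certificate, openpgp-certificate-format/raw, openpgp-certificate-fingerprint and set-server-session-certificate-request! procedures, and %expected-fingerprint is a constructed placeholder.

```scheme
;; Added example (not from the GnuTLS manual).  Procedures not used in the
;; page's own code are assumed from the Guile bindings; the fingerprint is a placeholder.
(use-modules (gnutls) (srfi srfi-4))

;; Fingerprint of the key the peer is expected to present, learned out
;; of band.  Placeholder bytes: replace with the real value.
(define %expected-fingerprint
  (u8vector #x01 #x23 #x45 #x67 #x89 #xab #xcd #xef #x01 #x23
            #x45 #x67 #x89 #xab #xcd #xef #x01 #x23 #x45 #x67))

(define (check-peer-openpgp-key! session expected)
  "Raise an error unless SESSION's peer presented a valid OpenPGP key with
fingerprint EXPECTED.  Call right after `handshake', before any data flows."
  ;; 1. The negotiated certificate type must be OpenPGP, not X.509.
  (unless (eq? (session-certificate-type session) certificate-type/openpgp)
    (error "peer did not authenticate with an OpenPGP key"))
  ;; 2. GnuTLS's own checks must report nothing: a non-empty list names
  ;;    the problems found, e.g. certificate-status/revoked.
  (let ((status (peer-certificate-status session)))
    (unless (null? status)
      (error "peer key verification failed:" status)))
  ;; 3. Pin the key: the fingerprint of the key actually presented must
  ;;    match the one learned out of band.
  (let ((chain (session-peer-certificate-chain session)))
    (when (null? chain)
      (error "peer presented no certificate"))
    (let* ((key (import-openpgp-certificate (car chain)
                                            openpgp-certificate-format/raw))
           (fpr (openpgp-certificate-fingerprint key)))
      (unless (equal? fpr expected)
        (error "peer key fingerprint mismatch:" fpr)))))

;; Client side as in the manual, with the verification step inserted
;; between the handshake and the first write.
(define (authenticated-client some-socket pub sec expected)
  (let ((client (make-session connection-end/client))
        (cred   (make-certificate-credentials)))
    (set-session-default-priority! client)
    (set-session-certificate-type-priority! client (list certificate-type/openpgp))
    (set-certificate-credentials-openpgp-keys! cred pub sec)
    (set-session-credentials! client cred)
    (set-session-transport-fd! client (fileno some-socket))
    (handshake client)
    (check-peer-openpgp-key! client expected)   ; abort before any data is sent
    (write "hello, world!" (session-record-port client))
    (bye client close-request/rdwr)))

;; Server side: require a client key (set before `handshake'), then run
;; the same check-peer-openpgp-key! on the client's key after the handshake:
;;   (set-server-session-certificate-request! server certificate-request/require)
```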