Re: [dtn-security] Bundle Authentication Block interoperability

"Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov> Tue, 08 December 2009 17:33 UTC

Received: from ndmsnpf03.ndc.nasa.gov (ndmsnpf03.ndc.nasa.gov [198.117.0.123]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id nB8HXZbB011829 for <dtn-security@maillists.intel-research.net>; Tue, 8 Dec 2009 09:33:35 -0800
Received: from ndjsppt02.ndc.nasa.gov (ndjsppt02.ndc.nasa.gov [198.117.1.101]) by ndmsnpf03.ndc.nasa.gov (Postfix) with ESMTP id BB6DA2D835E for <dtn-security@maillists.intel-research.net>; Tue, 8 Dec 2009 11:33:35 -0600 (CST)
Received: from ndjshub03.ndc.nasa.gov (ndjshub03.ndc.nasa.gov [198.117.4.162]) by ndjsppt02.ndc.nasa.gov (8.14.3/8.14.3) with ESMTP id nB8HXZhi019400 for <dtn-security@maillists.intel-research.net>; Tue, 8 Dec 2009 11:33:35 -0600
Received: from NDJSSCC03.ndc.nasa.gov ([198.117.4.170]) by ndjshub03.ndc.nasa.gov ([198.117.4.162]) with mapi; Tue, 8 Dec 2009 11:33:35 -0600
From: "Ivancic, William D. (GRC-RHN0)" <william.d.ivancic@nasa.gov>
To: "dtn-security@maillists.intel-research.net" <dtn-security@maillists.intel-research.net>
Date: Tue, 8 Dec 2009 11:33:06 -0600
Thread-Topic: RE: Bundle Authentication Block interoperability
Thread-Index: Acp4LIB0HjGqJtUHRjKGFc/JyBTVyg==
Message-ID: <3A5AA67A8B120B48825BFFCF54438561945FE473EC@NDJSSCC03.ndc.nasa.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5, 1.2.40, 4.0.166 definitions=2009-12-08_08:2009-11-30, 2009-12-08, 2009-12-08 signatures=0
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by maillists.intel-research.net id nB8HXZbB011829
Subject: Re: [dtn-security] Bundle Authentication Block interoperability
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2009 17:33:35 -0000

(Forwarded on Scotts behalf)

Not quite, Will.  The ION key file does need to contain a 20-byte key, which is also what is specified in the DTN2 configuration command as 40 ASCII characters.  The ION key file does *not* need to contain an ASCII key.  In fact, there's a convenience utility provided in ION for making up highly random hexadecimal 160-bit SHA1 keys and writing them to files, in case you don't want to do it yourself.

Scott

> -----Original Message-----
> From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn- 
> security-bounces@maillists.intel-research.net] On Behalf Of Ivancic, 
> William D. (GRC-RHN0)
> Sent: Tuesday, December 08, 2009 8:43 AM
> To: Ivancic, William D. (GRC-RHN0); dtn-security@maillists.intel- 
> research.net
> Subject: Re: [dtn-security] Bundle Authentication Block 
> interoperability
> 
> We discovered our problem.
> 
> DTN2 uses a 40 character hex string. ION key file should contain a 20 
> byte ASCII key, not the hex equivalent of that as DTN2 expects. Thus, 
> one can hexdump the 20 byte ION key file and use the hex value of that 
> key in the
> DTN2 config.
> 
> Still interested to know if anyone has run BAB interoperability with 
> various DTN builds.
> 
> 
> --Will

******************************
William D. Ivancic
Phone 216-433-3494
Fax 216-433-8705
Networking Lab 216-433-2620
DTN Lab 216-433-2981
Mobile 440-503-4892
http://roland.grc.nasa.gov/~ivancic