Raven keys: Difference between revisions
(Copy of "Raven Keys" page in Raven admin pages) |
(add links for public keys) |
||
Line 9: | Line 9: | ||
though of course this page could be forged too... | though of course this page could be forged too... | ||
;'''[[pubkey2]]''' | |||
;'''[[pubkey2.crt]]''' |
Revision as of 10:57, 19 September 2019
Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available here and should be stored (under the same name(s) and un-edited) wherever the AA expects to find them. Keys are available in two formats - either as a PEM formated PKCS#1 RSA public keys (in files named pubkey<n>) or as a self-signed x509 certificate (in files named pubkey<n>.crt). The certificate format isn't any more secure, it's just that it is an easier format for some AA's to utilise. An AA will only need keys in one of these formats and the AA documentation should make it clear which. Beware that browsers may add .txt or similar to filenames when downloading them, and some operating systems may subsequently hide this additional suffix leading to significant confusion.
The Raven servers are currently (August 2004) using key 2 to sign responses, so you need to download and install pubkey2 and/or pubkey2.crt as appropriate. Any older keys must be deleted.
Of course you should be careful to only install keys that you have validated in some way, since forged keys can undermine the security of Raven. MD5 checksums of the current Raven key files are:
084668f1b3806846168c591f1c210b76 pubkey2 9eadb8dc6b8e670e4990855a1411e7cd pubkey2.crt
though of course this page could be forged too...