Raven keys: Difference between revisions

From RavenWiki
(Copy of "Raven Keys" page in Raven admin pages)
 

Latest revision as of 11:46, 3 March 2020

We're working on improving Raven resources for developers and site operators.

Try out the new Raven documentation for size.

The WebAuth protocol should not be used for new sites or applications.

Application Agents (AAs) need access to the current Raven public keys in order to verify authentication responses. They are available here and should be stored, under the same name(s) and unedited, wherever the AA expects to find them. Keys are available in two formats: either as PEM-formatted PKCS#1 RSA public keys (in files named pubkey<n>) or as self-signed X.509 certificates (in files named pubkey<n>.crt). The certificate format isn't any more secure; it is simply an easier format for some AAs to use. An AA will only need keys in one of these formats, and the AA documentation should make it clear which. Beware that browsers may add .txt or a similar suffix to filenames when downloading them, and some operating systems may subsequently hide this additional suffix, leading to significant confusion.

The Raven servers are currently (August 2004) using key 2 to sign responses, so you need to download and install pubkey2 and/or pubkey2.crt as appropriate. Any older keys must be deleted.

Of course you should be careful to only install keys that you have validated in some way, since forged keys can undermine the security of Raven. MD5 checksums of the current Raven key files are:

   084668f1b3806846168c591f1c210b76  pubkey2
   9eadb8dc6b8e670e4990855a1411e7cd  pubkey2.crt

though of course this page could be forged too...
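The checks described above (no browser-added suffix, no older keys left in place, checksum match, right PEM format for the filename) can be run over the directory where an AA keeps its keys. This is an added Python example, not part of the original page or of any Raven software; the function name `audit_key_dir` and the directory argument are assumptions, the digests are the ones listed above, and the PEM labels are the standard ones for PKCS#1 RSA public keys and X.509 certificates.

```python
import hashlib
import re
from pathlib import Path

# MD5 checksums as published on this page for the current key (key 2).
EXPECTED_MD5 = {
    "pubkey2": "084668f1b3806846168c591f1c210b76",
    "pubkey2.crt": "9eadb8dc6b8e670e4990855a1411e7cd",
}
# Standard PEM labels: PKCS#1 RSA public key vs. X.509 certificate.
PEM_LABEL = {"": b"-----BEGIN RSA PUBLIC KEY-----",
             ".crt": b"-----BEGIN CERTIFICATE-----"}
KEY_NAME = re.compile(r"^pubkey(\d+)(\.crt)?(\..+)?$")


def audit_key_dir(key_dir, expected=EXPECTED_MD5, current=2):
    """Return sorted (filename, problem) pairs for a directory of Raven keys."""
    findings = []
    for path in Path(key_dir).iterdir():
        m = KEY_NAME.match(path.name)
        if not m or not path.is_file():
            continue  # not a Raven key file
        number, crt, extra = int(m.group(1)), m.group(2) or "", m.group(3)
        if extra:
            # e.g. pubkey2.crt.txt: a browser-added suffix the AA will not find
            findings.append((path.name, "unexpected suffix " + extra))
            continue
        if number != current:
            findings.append((path.name, "old key, must be deleted"))
            continue
        data = path.read_bytes()
        if hashlib.md5(data).hexdigest() != expected.get(path.name):
            findings.append((path.name, "MD5 mismatch"))
        if not data.lstrip().startswith(PEM_LABEL[crt]):
            findings.append((path.name, "wrong PEM format for this filename"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for name, problem in audit_key_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: {problem}")
```

An empty result means every key file present has the expected name, key number, checksum and format; it does not report a missing file, since an AA only needs one of the two formats.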

pubkey2
pubkey2.crt