If the SDSI distribution isn't already compiled and installed
on your system, you need to do that before you can start using SDSI.
See section Installing SDSI 2.0 for instructions on how to do this.
Right now, using SDSI means using either the command-line shell or the
Web-based graphical user interface to issue certificates. Before you
can use either, though, you need to have a public key and a private key.
The public and private key pairs that SDSI uses are RSA keypairs. Since
this software doesn't have its own key-generation routines yet, it
relies on the key-generation routines of either the PGP or SSH systems.
If you use PGP or SSH, you already have an RSA keypair, and can skip
this section. Otherwise, your system must have PGP or SSH installed.
If you find that your system has both, pick either one of them and
continue.
To generate a keypair using PGP, use `pgp -kg'. To generate a
keypair using SSH, use the `ssh-keygen' program. Both processes
ask basically the same questions:
- How long your public key should be. The longer it is, the safer it is,
since longer keys are harder to break; i.e., it is harder to work out the
private key from the public key.
- A name for yourself.
- A passphrase that will protect your private key when it is on disk.
Since private keys are supposed to be kept secret, this passphrase keeps
anyone who might be able to read your files from seeing your private key.
- Some random garbage characters. This random garbage is used to
find a unique keypair for you. Believe it or not, computers have a
very hard time being random. When they really need to be,
they need some help from you.
The next step is to convert the public key of your keypair into a SDSI
principal file.
- Make a directory `.sdsi' in your home directory. Under most
Unix shells, you can do this with `mkdir ~/.sdsi'.
- Run the `sdsi20-0.4.0/tools/pgp-ssh-to-sdsi2' program. If you made a PGP public key,
do `pgp-ssh-to-sdsi2 pgp'. If you made an SSH public key, do
`pgp-ssh-to-sdsi2 ssh'.
`pgp-ssh-to-sdsi2' makes one or more principal files in your
`.sdsi' directory. Each principal file contains a public key read
from your PGP public keyring (if you made a PGP key) or from your SSH
identity file (if you made an SSH key). The name of a file is the name
you gave to that key, with `.sdsi2' on the end.
(If you have used PGP before, `pgp-ssh-to-sdsi2' may have created
multiple principal files, one for each public key you have on your
public keyring. If you want, you can use these files later to help
you create certificates about these public keys.)
- One of these principal files contains your public key. It will be
named using the name you gave yourself when you created your keypair.
Rename this file to `my-principal.sdsi2'. For example, if your name
is Ben B. Bitdiddle, and you made a PGP keypair, calling yourself `ben.b.bitdiddle',
`pgp-ssh-to-sdsi2' will have created a file `ben.b.bitdiddle.sdsi2' in your
`.sdsi' directory, so you would do `cp ben.b.bitdiddle.sdsi2 my-principal.sdsi2'.
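The last step above can be scripted so that it fails safely when the PGP keyring produced several principal files. This is an added example, not part of the SDSI distribution; the function name `select_principal' and its return codes are assumptions made for illustration, and it expects `pgp-ssh-to-sdsi2' to have been run already.

```shell
#!/bin/sh
# Added example (not from the SDSI distribution). Assumes pgp-ssh-to-sdsi2 has
# already written its <name>.sdsi2 principal files into the directory.

# select_principal NAME [DIR]
#   Copies DIR/NAME.sdsi2 to DIR/my-principal.sdsi2 (DIR defaults to ~/.sdsi).
#   Returns 0 on success (or if my-principal.sdsi2 is already that key),
#   1 if NAME.sdsi2 does not exist (the available principal files are listed),
#   2 if my-principal.sdsi2 exists with different contents (never overwritten).
select_principal() {
    name=$1
    dir=${2:-"$HOME/.sdsi"}
    src="$dir/$name.sdsi2"
    dst="$dir/my-principal.sdsi2"

    if [ ! -f "$src" ]; then
        # A PGP keyring may have produced one file per key; show the choices.
        echo "no principal file for '$name' in $dir; found:" >&2
        for f in "$dir"/*.sdsi2; do
            if [ -f "$f" ]; then
                echo "  ${f##*/}" >&2
            fi
        done
        return 1
    fi

    if [ -f "$dst" ]; then
        if cmp -s "$src" "$dst"; then
            return 0    # already pointing at this key, nothing to do
        fi
        # Silently replacing your own principal would change which key
        # later certificates are issued under, so stop and let the user decide.
        echo "$dst already exists and differs from $src; not overwriting" >&2
        return 2
    fi

    cp "$src" "$dst"
}

# Usage, with the name from the text above:
#   select_principal ben.b.bitdiddle
```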
Now you are ready to use the SDSI command-line shell and the graphical user
interface.