How to using it? First time to use it

[linlih]

The document is too thin, hope will provide more example

[linlih]

How can I sign a Interest packet and Data packet ?

[zjkmxy]

How can I sign a Interest packet and Data packet ?

You need to provide a signer, a key name or an identity name when calling express_interest or put_data functions. See: https://python-ndn.readthedocs.io/en/latest/src/app.html#signature By default the default key is used to sign Data, and Interest (if it has a payload). Only Interests with AppParam not equal to None are signed.

[linlih]

How can I sign a Interest packet and Data packet ?

You need to provide a signer, a key name or an identity name when calling express_interest or put_data functions. See: https://python-ndn.readthedocs.io/en/latest/src/app.html#signature By default the default key is used to sign Data, and Interest (if it has a payload). Only Interests with AppParam not equal to None are signed.

Thanks for the reply, I not sure I'm using this right. Unlike in C++ verison of NDN, it just define a m_keychain variable, and call sign function to sign.

from ndn.security import TpmFile
from ndn.encoding import Name
from ndn.app import NDNApp

tp = TpmFile("/home/linlh/.ndn/ndnsec-key-file/")
signer = tp.get_signer('/hello/KEY/%CF%03I%92%27%FC%F5S')
name = Name.from_str('/example/testApp/randomData')
data_name, meta_info, content = await app.express_interest(name, must_be_fresh=True,
                                                    can_be_prefix=False, lifetime=1000, signer=signer)

[zjkmxy]

Thanks for the reply, I not sure I'm using this right. Unlike in C++ verison of NDN, it just define a m_keychain variable, and call sign function to sign.

from ndn.security import TpmFile
from ndn.encoding import Name
from ndn.app import NDNApp

tp = TpmFile("/home/linlh/.ndn/ndnsec-key-file/")
signer = tp.get_signer('/hello/KEY/%CF%03I%92%27%FC%F5S')
name = Name.from_str('/example/testApp/randomData')
data_name, meta_info, content = await app.express_interest(name, must_be_fresh=True,
                                                    can_be_prefix=False, lifetime=1000, signer=signer)

You don't even need to obtain the signer explicitly.

from ndn.app import NDNApp

app = NDNApp() data_name, meta_info, content = await app.express_interest('/example/testApp/randomData', must_be_fresh=True, can_be_prefix=False, lifetime=1000, key='/hello/KEY/%CF%03I%92%27%FC%F5S')

I suggest to surround it with a try..catch block to catch Timeout.

[linlih]

I trying compare the python signing result and c++ verison, it looks quite different

python version:

/example/testApp/randomData/params-sha256=8737166b4cb3a21ba14a7fca231989a8171bbe6759b474de959c50b5a54f166f?ndn.MaxSuffixComponents=1&ndn.MustBeFresh=1&ndn.InterestLifetime=1000&ndn.Nonce=3875454713

c++ version:

/example/testApp/randomData/%16%1D%1B%01%01%1C%18%07%16%08%05hello%08%03KEY%08%08%CF%03I%92%27%FC%F5S/%17%FD%01%00Ry%D5%C5%B5%F5%07V%A0%F0%87%93r%25nW%DB%C0%60R9G%D4-%EB%3A%0Bq%D4%97w%E0%A9%21I%83v%B3%2C%5B%85%D1n%ECI-%D9%91%AF%BCI%1E%8ED7%84%D8%00%0B%B6%3A%95%EEkH%0F%97%F1%BF%D6%BC%3E%91%992%3A%ED%95%D5F7%E2%8Bt%89%BFG%83%E2%40%E4%2C%F4%F6%F7%5C%22%3B_%A9%B4%88%F4%1F%04%F0%DD%5B%FF%C9%D9%22%C3%5C%AE%A8%2C%9E%CD%AD%DD%26%16q%17%D3%CA%28%185%CB%E2%7B%40%EF%FE%F6Aw%ADH%5D%99%B4a%03%89%D4%C0%BC%0F%8E%EB%13%2C%E8%10%B4O%0C%93%5B.%AF%FC%CB%CA%99%5B%D3r%14%FC%09%89j%3A%FB%04%5E%27%13%0A%03J%CF%DC%F0%AByV_c4%0E%5Cn%90%07%5Ep%8F%05%9Cc%2C%C6%09%1B%22%CA%9A%03%FD%FD%CDX%C6%E9%27%FF0%C6N%91%BB%A1%BF%00%C0%60%0B%F0%81%02%8A%15%1A%B69%98%85Q%08%20%BA%B3%A1F%96%14z%19%B6%8E%C8?ndn.MustBeFresh=1&ndn.InterestLifetime=200&ndn.Nonce=2048467114

Using SignatureSha256WithRsa method， value length 256

[zjkmxy]

How you get such a string? I haven't seen that.

• ndn.MaxSuffixComponents should never occur because it became obsolete before the development of python-ndn.
• It is possible that C++ uses traditional naming convention. (A task for ndn-cxx: https://redmine.named-data.net/issues/5044) I'm not sure though.
• I don't know if you are using the old Command Interest format in ndn-cxx, which will include the whole signature in its name. The latest spec has already changed the way Interest is signed (FYI: https://named-data.net/doc/NDN-packet-spec/current/signature.html#interest-signature)

[linlih]

I got the string from nfd-start terminal, it directly output debug info in terminal. I am using python-ndn 0.3a1.post1 version. C++ verison is ndn-cxx 0.6.6 I check the code in c++ version, it did include the whole signature in its name, did it implemented in python version?

[zjkmxy]

No. python-ndn follows the latest spec, where the Interest signature in contained in a InterestSignatureValue TLV block, inside the Interest. We only include a digest of the Signature in the name. You may refer to https://named-data.net/doc/NDN-packet-spec/current/signed-interest.html for details.

[linlih]

OK, Thanks a lot, I will check it out.

[Pesa]

@linlih you are using an old version of ndn-cxx that predates the new signed interest format (the format used by python-ndn). With the latest version (0.7.1) you can create signed interests in the new format by calling setSignedInterestFormat(SignedInterestFormat::V03) on the SigningInfo object that you use for signing the packets. The new format will become the default in a future version of ndn-cxx.

[linlih]

@linlih you are using an old version of ndn-cxx that predates the new signed interest format (the format used by python-ndn). With the latest version (0.7.1) you can create signed interests in the new format by calling setSignedInterestFormat(SignedInterestFormat::V03) on the SigningInfo object that you use for signing the packets. The new format will become the default in a future version of ndn-cxx.

OK, Thanks for the reply. The reason I want to use the V02 version of NDN packet format is that our project it build in V02 version. So I trying to change the code in python-ndn project, now it works, Thx