NCBI Home
IEB Home
C Toolkit docs
C++ Toolkit source browser
C Toolkit source browser (2)

NCBI C Toolkit Cross Reference

C/network/encrypt/

 source navigation
identifier search
freetext search
file search
  Name Size Date (GMT) Description
Back   Parent directory   2009-12-10 04:32:49
File   README 6641  1997-08-25 18:34:27 
  1 This is the NCBI README file which provides instructions for how to setup
  2 the RIPEM/RSAREF software to be compiled in conjunction with the NCBI toolkit.
  3 Adding RIPEM/RSAREF to the toolkit adds the capability to produce
  4 client/server software which communicates using DES encryption with other
  5 clients and servers in the NCBI Dispatcher system, a.k.a. NCBI Network
  6 Services.
  7 
  8 The NCBI Network Services software uses the following scheme for key
  9 distribution, using a single RSA public-key/private-key pair, where the
 10 private-key is only known to the Dispatcher.
 11 
 12 (1) When connecting to the Dispatcher, a client includes the public key which
 13     it knows, if any, within its login message.
 14   
 15 (2) When the Dispatcher responds to the login message, it includes the
 16     latest public key.  If there is a key mismatch, the client software is
 17     designed to give the user the option of either accepting the new key
 18     or aborting the program.  The latter option is necessary because there
 19     is a slight risk that the key is being presented by a hostile party
 20     which is masquerading as the Dispatcher.
 21   
 22 (3) When the client issues a service request, it generates a pseudo-random
 23     DES key which it then encrypts using the public RSA key.  The Dispatcher
 24     decrypts the DES key and passes it in a secure manner to the server
 25     daemon for the requested service.  The server manager (ncbid) in turn
 26     spawns the real server for that service and informs it of the DES key.
 27     The subsequent client/server communication takes place using cipher-
 28     block-chained DES encryption using the agreed-upon DES key.
 29   
 30     Note that each client<->server session uses a different DES key.
 31 
 32 
 33 To obtain the RIPEM/RSAREF software to include in your application, you
 34 must follow the procedure described at the end of this document.  Note that:
 35   (1) The NCBI Network Services software has been tested with the source
 36       code from RIPEM 1.1 and RIPEM 1.2, although the latter is recommended.
 37   (2) The RIPEM source archive is posted on its FTP server in UNIX compressed
 38       tar format.  Tools are generally available to uncompress and untar
 39       this type of archive for different platforms.
 40   (3) After uncompressing the archive, you must copy the tar file to
 41       this directory (network/encrypt) and extract the desired components
 42       into this directory.
 43       You may either extract the entire archive for reference:
 44         tar xf ripem-1.2.tar
 45       or extract only the portion you need, to save local disk space:
 46         tar xf ripem-1.2.tar ripem/rsaref/source
 47   (4) It may be necessary to manually modify the resulting global.h file
 48       for compatibility with your hardware/software platform
 49   (5) The RSAREF source code is compiled as part of the "LIB15" library.
 50       See make/makenet.* for details.
 51 
 52 
 53 DISCLAIMER:
 54       You must follow all licensing and export regulations described in
 55       the RIPEM/RSAREF documentation.  Note that NCBI can detect the use of
 56       a client which is using encryption to communicate with Dispatcher.
 57       Note that NCBI may need to cooperate with U.S. authorities if it
 58       appears that U.S. export regulations have been violated.
 59 
 60 
 61 Please direct any questions to toolbox@ncbi.nlm.nih.gov.
 62 
 63 The following information is what is required for U.S. and Canadian
 64 citizens to obtain the RIPEM cryptographic software.  Many thanks to Mark
 65 Riordan and RSA Laboratories for making this software available to NCBI
 66 and American and Canadian scientists who wish to encrypt their data.
 67 
 68 -------------------------- begin included message ---------------------------
 69 
 70 Dear FTP user,
 71 
 72 To access the RIPEM cryptographic software archive at ripem.msu.edu,
 73 you must have an "account" on my custom FTP server.  Traditional
 74 anonymous FTP login is allowed, but anonymous users are prevented
 75 from doing GETs on files containing cryptographic software.
 76 Anonymous access is allowed so that you can get README-type files
 77 like this one, and files containing descriptions of software
 78 licensing terms.
 79 
 80 To apply for FTP access to rpub.cl.msu.edu, send an email message
 81 to ripem@ripem.msu.edu.   State the following:
 82 
 83 1.  Your citizenship (must be USA or Canadian) 
 84 2.  Your willingness to comply with relevant export laws.
 85 3.  Your willingness to comply with relevant software license terms.
 86     (You should get and read the file "rsaref-license.txt" on this host, 
 87     so you know what you are agreeing to if you get RIPEM.)  
 88 4.  The "canonical" Internet domain name of your host.
 89     (If you are not sure of the primary name of your host, FTP to
 90     ripem.msu.edu under user anonymous.  The FTP server will inform
 91     you of your hostname.)  Also state the country in which your host
 92     resides.
 93 
 94 *****
 95 ***** NOTE:  It is very important that you get the hostname correct.
 96 *****        As odd as it may seem, many requestors have
 97 *****        not correctly specified their host address.  This
 98 *****        causes extra effort for both of us.  Please check
 99 *****        (via anonymous FTP) unless you are certain of your
100 *****        hostname as known by domain name servers.  Your
101 *****        hostname does *** NOT *** have an "@" in it, and
102 *****        in general cannot be derived from your email address.
103 *****
104 
105 Here's a sample email message you might send to ripem@ripem.msu.edu:
106 
107 To: ripem@ripem.msu.edu
108 Subject: Access to ripem.msu.edu
109 
110    Dear Mark,
111 
112    Please give me access to ripem.msu.edu.  I am an American
113    citizen, and I agree to comply with crypto export laws and
114    RSAREF license terms.  My hostname is hobbit.egr.bigu.edu;
115    this host is located in the United States.
116 
117    Thank you.
118 
119 When I receive your message, with luck I'll promptly issue you
120 a special FTP username and password by return email.  This username 
121 will work only from the hostname you specify in your message.
122 
123 In the case of RIPEM, you may redistribute the code, but only
124 to others in the USA and Canada, and only under the terms of
125 the RSAREF license agreement mentioned above.
126 
127 Thank you.
128 
129 This method of distribution is due to local site requirements 
130 and is not required by RSAREF license terms, FYI.
131 
132 Mark Riordan   mrr@scss3.cl.msu.edu
133 
134 P.S.  I realize that going through this account application process 
135 is not your idea of a good time.  It doesn't take much imagination
136 to figure that it isn't my idea of a good time, either.  Please
137 help this process go smoothly by giving me all the informative
138 requested above, so I can issue your account on the first try.
139 I receive hundreds of these requests and many are lacking information.
140 
141 -------------------------- end included message -----------------------------
source navigation ]   [ identifier search ]   [ freetext search ]   [ file search ]  
This page was automatically generated by the LXR engine.
Visit the LXR main site for more information.